The Green Sheet Online Edition
December 22, 2014 • Issue 14:12:02
NSA unleashes Nifi for commercial, government use
The National Security Agency released the first in a series of hyper-adaptive software solutions designed to improve efficiencies in the government and private sectors. Niagarafiles (Nifi) is a new protocol conversion method developed by the NSA's Technology Transfer Program (TTP) that the NSA made available to open source software developers on Nov. 25, 2014. This is viewed as a positive step for many market sectors, including the payments industry.
The NSA established the TTP in 1990 to strengthen the U.S. industrial base by sharing technical expertise among government and non-government entities. The TTP helps stakeholders leverage "dual use" technologies that work in public and private sectors, and using commercial, off-the-shelf technology to reduce government overhead.
Over the years, TTP "dual-use technologies" have been broadly applied by governments and commercial enterprises. Many of these applications have been documented in The Next Wave, a quarterly publication of the NSA Research Directorate that reports on research and activities in telecommunications and information technologies.
In The Next Wave's 20th anniversary issue, NSA Deputy Director Deborah Finke, Ph.D. wrote:
"People are less users who interface with a specific computer than they are beneficiaries of a digital team, in which multiple devices and software are expected to work together smoothly to support the goals of the whole and even integrate with other digital teams to support social interaction. The ways to engage and the opportunities to improve are seemingly endless. Also, as we move into the next 20 years, it is worth pointing out that the challenges for those who seek to make user experiences safer and more secure are becoming harder, not easier—and it is even more important that we get this right."
The TTP shares federally owned technologies and resources with business owners and invites leaders from the business community to educate government agencies on a range of substantive issues.
The business, technology, and academic communities have actively participated in a number of the TTP's strategic initiatives in the areas of acoustics, advanced mathematics, communications, computer technology, information processing, microelectronics, networking, optics, security and signal processing.
Linda L. Burger, Director of the TTP, sees the NSA's national security focus as a creative force that the agency has channeled into designing and producing leading-edge technical solutions. "NSA's innovators work on some of the most challenging national security problems imaginable," Burger said. "We use open source releases to move technology from the lab to the marketplace, making state-of-the-art technology more widely available and aiming to accelerate U.S. economic growth."
A tool for data security
Payment professionals have noted the vibrant culture of the security community where innovation is born out of necessity to stay ahead of malicious attacks. Chris Bucolo is Senior Manager of Security Consulting at Atlanta-based ControlScan, a provider of integrated security and compliance solutions designed to help business owners secure sensitive data and comply with information security and privacy standards.
Bucolo, who has extensive experience in Payment Card Industry (PCI) Data Security Standard (DSS) and security consulting, brings a unique perspective to discussions on PCI scope issues as well as practical applications of PCI requirements in the merchant environment.
"The fact that the NSA is able to share advancements in this area with others in industry and academia is a very positive step," Bucolo said. "I am part of the Merchant and Financial Cyber Security Partnership [working group]. I have seen unprecedented cooperation and information sharing among agencies, law enforcement, retailers, financial institutions, trade groups as well as large retail trade groups, in order to combat the world of threats we find ourselves living in. There is a strong sense of urgency and information sharing."
ANX, a Michigan-based data security organization, sees the NSA's new open-source tool as beneficial to government and business. On a weekly basis, ANX Executive Vice President Mark A. Wayne sees new forms of malicious software infiltrate POS systems and steal customer credit card information.
Contrary to popular belief, much of the software is not being developed by bored college kids in their parents' basements; it's the work of sophisticated criminals that belong to organized, underground cybercrime groups, usually in Eastern Europe.
"The government doesn't generally get involved in an isolated credit card data breach until after it's already happened," Wayne said. "The business owner simply receives a knock on the door from the Secret Service telling them they've been breached, but at that point it's too late; hackers have already compromised the system."
He added that retailers can leverage the expertise of Qualified Security Assessors and Approved Scanning Vendors to help secure their networks and guide them into compliance with standards set by the PCI Security Standards Council.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.