Neal Ziring, Technical Director in the Information Assurance Directorate at the National Security Agency (NSA), provided a lecture titled “Building Robust Security Solutions Using Layering and Independence,” Jan. 17. Ziring spoke to Naval Postgraduate School students, staff and faculty about the importance of layering security components to protect critical systems and data.
“If you need greater assurance than a single commercial off-the-shelf component can provide, a layered solution can be useful,” explained Ziring. “So how does this work? One way to approach this is if you have some requirement such as confidentiality, you may start by selecting some standards that you believe are important. And you select those standards, and for each of those, you may have some candidate set of commercial products that can implement that service or that standard.”
He spoke about the difference between government and commercial devices, and the importance of selecting the right option for the kind of system being secured. He noted that one of his primary objectives when looking at security systems is making it as difficult as possible for would-be attackers to gain access.
“It’s all very nice to say, ‘I have three layers of encryption.’ But if all of those layers are the same, and they exhibit the same vulnerabilities, then I am not getting the benefits out of my investment in those multiple layers that I would like to get,” explained Ziring. “What I hope to do is give my adversary a bad day. That’s how I tend to measure most security systems these days: It is going to make my adversary unhappy with his job that I am using these mechanisms?”
Chair of the NPS Cyber Academic Group and Professor of Computer Science, Dr. Cynthia Irvine, noted the value of having security experts like Ziring lecturing to students on the value of security studies.
“Neal Ziring's talk provided an excellent overview of the direction NSA is now moving in to protect classified information in a limited set of environments,” said Irvine. “Understanding this will be useful to our students.”
Ziring explored layering, and the architectural approaches to it, as a means of protecting critical systems. His lecture helped NPS students further understand the applications, costs and benefits of layering.
Ziring previously worked at AT&T Bell Labs, and later served as a technical director for the Vulnerability Analysis and Operations Group at the NSA.