NSA to offer a secure platform
The National Security Agency is spearheading a team of intelligence agencies and information technology vendors in an effort toward broader use of secure multilevel workstations based on High Assurance Platform (HAP) standards and specifications.
NSA expects this year to approve outside use of HAP systems, which foreshadows the technology’s adoption by federal agencies that handle unclassified data in addition to private companies and eventually individuals, specialists in the field say.
NSA and its vendors expect to complete the technical and legal reviews that constitute the certification and accreditation (C&A) required before HAP systems can be cleared for use in the secret-and-below intelligence (SABI) world. Early HAP systems have been used in the top-secret-and-above intelligence arena for many months.
More to come
The C&A milestone will clear the first HAP release, HAP r1, for use by the SABI community.
The release builds on earlier technology work but doesn’t include some of its most eagerly awaited features, said Ed Hammersla, chief operating officer at Trusted Computer Solutions.
“HAP r4 will include the cornerstones of the HAP technology,” he said. “That is due in 2012.”
Hammersla said the virtual computing features in HAP can strengthen security and provide electricity savings for agencies and companies.
“For example, companies that operate electricity grids and pipelines have become concerned that their general business-side computers, such as the mainframes used for accounting, could provide pathways for insiders to drill through to the supervisory control and administration (SCADA) systems that regulate their networks,” Hammersla said.
SCADA system vulnerabilities have attracted widespread scrutiny as a weakness that terrorists could exploit to devastating effect.