NIST initiates cryptographic standards review over NSA foul play
The National Institute of Standards and Technology (NIST) has announced a review of all its previous recommendations in the wake of recent reports of secret NSA meddling that led to the weakening of standards, making it easier for the government to eavesdrop.
According to investigations carried out by ProPublica, The Guardian and The New York Times, the NSA spends nearly $250 million every year on a project dubbed “SIGINT Enabling” to secretly undermine encryption standards. NIST announced the review late last Friday and said that the assessment will also take into consideration how the institute creates encryption standards.
“To ensure that our guidance has been developed according to the highest standard of inclusiveness, transparency and security, NIST has initiated a formal review of our standards development efforts,” said Donna Dodson, Chief, Computer Security Division at NIST.
“We are compiling our goals and objectives, principles of operation, processes for identifying cryptographic algorithms for standardization, methods for reviewing and resolving public comments, and other important procedures necessary for a rigorous process”, adds NIST.
NIST said that once the review is over, it will invite comments from the public and invite third-party organizations to conduct similar reviews of its standards development approach and suggest improvements. The institute will then incorporate suggestions and work on its shortcomings to update its development process as necessary in a bid to ensure openness and transparency of the process that “leads to the most secure, trustworthy guidance practicable.”
NIST notes that it is the institute’s mission “to protect the nation’s IT infrastructure and information through strong cryptography” and it can’t achieve that without the “trust and assistance” of cryptography experts from around the world.
“We’re committed to continually earning that trust.”