LEADING THE COMSEC REVOLUTION

Declassified and Approved For Release 2012/10/26: CIA-RDP90-0053OR000701710002-9 FEATURE ARTICLE Leading the COMSEC Revolution The STU-III Secure Telephone A quiet revolution has be- gun in US telecommuni- cations, one that will dra- matically change how we secure our classified and sensitive com- munications from potential ad- versaries. The ultimate result will be better and considerably less expensive communications secu- rity, readily available at an af- fordable price to anyone in- the US who needs it. Leading the revolution is the STU-III Program. Known as the Future Secure Voice System pro- ject, the National Security Agen- cy sponsored this major initiative in partnership with the telecom- munications industry to develop and deploy a new family of tele- phone security equipment which went far beyond the capabilities of anything previously available. For the first time, a secure tel- ephone that looks and operates just like a regular telephone can be installed by the user in min- utes. The new secure telephone replaces the standard unit and does not need to be locked in a vault for the night. In its basic form, it will be available at a price under $2,000 and even a choice of colors. Most important, the real- ization of this new secure phone is anticipated within a timeframe previously unheard of for Gov- ernment communications securi- ty equipment. INCEPTION OF THE STU-III In 1983, the National Security Agency began to take a hard look at US COMSEC in general and at telephone security in particu- lar. NSA assessed the situation in one word, "dismal." The exist- ing secure telephone system for the US Government was the ag- ing AUTOSEVOCOM system which used equipment built in the 1950s and 1960s and relied on expensive leased circuits. Fur- thermore, AUTOSEVOCOM served only a very limited num- ber of users, a number that was actually shrinking because of the obsolescence and expense of the system. Although development of the STU-II secure telephone had be- gun in 1975, delivery of the equip- ment was just beginning in 1983. The price of the STU-II was on the order of $12,000, and installa- tion and maintenance costs were considerable. Also, the STU-II was designed for a projected user population of only 10,000. A quick analysis of the require- ments for secure telephones for the mid-1980s put the figure for the Federal Government and for related users closer to half a mil- lion. In addition, NSA and other key planners were beginning to realize that a solution for tele- phone security could not just ad- dress the traditional Govern- ment community of COMSEC us- ers. Many areas of the private sector deal with sensitive infor- mation which can affect our na- tional well-being in both the short and long term. As a hypothetical example, consider a telephone call between the president of a large US oil company and one of its officials in a Middle East country, in which they discuss 'sensitive ne- gotiations being conducted to avert a potential embargo of crude oil shipments to the US. An eavesdropper with hostile inten- tions towards the US could ex- ploit this information to the det- riment of our national interests. It quickly became obvious that a whole new initiative was need- ed in telephone security - one that would address the entire spectrum of needs, and at an af- fordable cost. Moreover, the solu- tion was needed quickly. A trad- itional acquisition program, with a long development and test cy- cle, was out of the question. With this perspective, a radically dif- ferent approach began to take shape. THE PROGRAM STRATEGY It became clear that to do what was needed, NSA was going to have to use the same kind of ap- proach industry would use in bringing a product to the com- mercial marketplace. This ap- proach would have to provide considerable incentive to the de- velopers of the secure telephone and create competition among a number of suppliers to insure get- ting the best product at the best price. At the same time, NSA recog- nized that there were unique re- quirements for secure telephones for specialized uses, such as com- mand and control. It was not ne- cessary or economical to provide these features in every secure tel- ephone. The majority of secure telephone users simply do not need them. Thus, the STU-III was conceived as a family of equipment: The STU-III/Low Cost Terminal would be designed for the regular users, with low price of ownership being a pri- mary goal. The STU-III/Com- mand and Control (C2) Terminal would provide flexible multifunc- tion capabilities with unique fea- tures for special applications. NSA was already developing a compact version of the STU-II for mobile radio telephone applica- tions. After careful examination, it was decided that this equip- ment could serve as the basis for the STU-III/C2. It was an ap- proach which capitalized on ex- isting development with the [Continued on page 20] 18 Declassified and Approved For Release 2012/10/26: CIA-RDP90-0053OR000701710002-9 -RY ?8s  Declassified and Approved For Release 2012/10/26: CIA-RDP90-00530R000701710002-9 page 181 NAGENGAST added benefit of providing an equipment, no bigger than a shoebox, which would be compat- ible with the STU-II. For the STU-III/LCT, howev- er, NSA was essentially starting from scratch, and a way had to be found to quickly bring the product from the conceptual stage to fruition. First, the idea had to be converted into specific concepts and a functional defini- tion, combining NSA's knowl- edge of cryptography with the ca- pabilities and experience of the telecommunications industry. Second, NSA had to establish a competitive, multivendor base for large-volume production at a low price. In order to achieve this rather tall order, a two-phased approach was laid out. The first phase, last- ing six months, would be a com- petitive concept definition study among the top companies in the field. Then, the winners of the concept definition would enter a two-year, integrated develop- ment and initial production phase, with continued competi- tion among the participants for the initial production. THE CONCEPT DEFINITION PHASE Early in 1984, after an exten- sive review of US telecommuni- cations/electronics companies and their capabilities, NSA se- lected five firms to participate in a competitive concept definition for the STU-III/LCT. The com- panies were AT&T, GTE, ITT, Motorola and RCA. The ground rules for the study were straightforward. At the end of the six-month study phase, NSA would pick at least two com- panies for the actual develop- ment. NSA would specify only the minimum performance and STU-111/C2 being developed by RCA. security requirements; the com- panies would be free to propose the best design concept and how they would begin volume produc- tion two years from the start of the development. Finally, the winners would share in an initial large purchase by NSA and would also sell their product di- rectly to the US marketplace, in- cluding the Government and pri- vate sectors. A unique feature of the compe- tition was that the resulting inde- pendent designs all had to be able "to talk to each other" (as well as to the STU-III/C2). Considerable time and effort was spent by NSA and the participating companies during the concept definition to hammer out an interoperability specification. This stage created some interesting moments, with five companies in heated compe- tition being forced to come to- gether in one room and agree on something which would have considerable impact on their own design. To the credit of all in- volved, the overall success of the program took precedence over the individual interests, and agreement was reached. THE DEVELOPMENT/INITIAL PRODUCTION PHASE The concept definition phase was completed on schedule in No- vember 1984, with each company submitting a detailed Concept Definition Report. After an exten- sive evaluation, development contracts were awarded in March 1985 to AT&T, Motorola, and RCA. A fourth company, GTE, was chosen to develop central system management facilities which would provide automated capabilities for ordering and dis- tribution of cryptographic key (a sequence of random numbers which control the encryption and decryption process) for the STU- III and other functions indige- nous to a large-scale secure tele- phone system. The total cost to the Govern- ment for these developments is expected to approach ninety mil- lion dollars. In addition, in order to be in the best possible compet- itive position, the three LCT de- velopers are investing a signifi- cant amount of their own resour- ces in the program. Each of the three developers is required to demonstrate proto- type units to NSA at Month 12 of the development/initial produc- tion phase. NSA will award the initial production contracts short- ly thereafter, basing each ven- dor's share on price, equipment function and features, and per- formance in completing the pro- totype units. At Month 15, each vendor will deliver forty units for AT&T STU-111 LCT. an extensive field test by the Gov- ernment. The prototype equipments will first be evaluated in a formal sys- tem testbed to verify proper oper- ation, including interoperability [Continued on page 22] ' 86 Declassified and Approved For Release 2012/10/26: CIA-RDP90-00530R000701710002-9 4RY  Declassified and Approved For Release 2012/10/26: CIA-RDP90-0053OR000701710002-9 of the various vendors' equip- ments. The equipment will then be placed in the hands of a vari- ety of users worldwide to evalu- ate its performance under actual field conditions. The vendors will be required to correct any defi- ciencies identified during the prototype testing prior to their de- livery of the first production units. Finally, at Month 24, the actual production will begin. Each participating company has planned a fully automated production capability for the STU-III/LCT, with capacity to build in excess of 10,000 units a month. THE STU-III FROM A USER'S PERSPECTIVE What does all this mean to the user? First of all, the user will have a choice. He can select the version that best fits his needs or the type of service plan a partic- ular vendor may offer. It will also be possible for the user to request a special feature or a custom in- terface to meet the requirements of his PBX. Next, the STU-III will be easy to install. The normal interface is the common, garden-variety modular jack, so that the STU-III can be plugged in anywhere an ordinary phone can. For of- fice installations with multiline phones, i.e. those with five-line select and hold buttons, an op- tional version will be available that mates with the standard 1A2 connector used in these in- stallations. If a custom installa- tion is required, the user can ar- range it with the STU-III vendor of his choice. And, unlike pre- vious secure telephones, the STU- III will operate over a single standard phone line. The real test is when the STU- III is in place and ready for that first phone call. A secure call is placed just like a regular call. In fact, until the secure button is pressed, it is a regular call using normal dialing procedures and going over the telephone network in standard fashion. When the other party answers, either one can press the secure button in- itiating an authentication proce- dure between the two telephones lasting no more than twelve se- conds. The two parties can then converse without fear of being overheard by anyone along the transmission path. The various STU-III tele- phones will all offer a number of modern telephone features, such as one-button speed dialing for frequently called numbers and all the units include a feature called the Crypto Ignition Key, or CIK for short. The CIK serves two fundamen- tal purposes. When it is removed, the STU-III becomes unclassified and no special storage area or vault is necessary. Also, without the CIK, the STU-III cannot be used in the secure mode, pre- venting unauthorized use, even though it will continue to serve as a regular phone to place or re- ceive nonsecure calls. In addi- tion, the STU-III will incorporate a display which, when in the se- cure mode, tells the user who he is talking to and what the auth- orized classification level for the conversation is, based on the se- curity clearances of the partici- pating parties. The display also prompts the user if he makes a mistake, such as attempting to go secure when he has forgotten to insert the CIK. FUTURE EVOLUTION OF THE STU-III An important consideration for the future is how the STU-III family will evolve to cover new requirements and keep pace with rapidly changing telecommuni- cations technology. NSA will continue its involvement with the vendors to insure the security of the product, but it will be up to the vendors to develop newer, more flexible versions of the equipment. Additions to the product line could include models for mobile or hand-held cellular radio appli- cations, or a unit which provides wideband capabilities for use in the coming Integrated Services Digital Network (ISDN). Also, the vendors will be able to incor- porate new technology, such as sub-micron level VLSI to produce a smaller, lower cost STU-III in the years to come. Finally, other vendors will be able to build STU- III compatible products to com- pete with the original three on the basis of more features, better service or lower price. What this means is that the STU-III will be an evolving product - one that gets better as time goes on. John C. Nagengast, is currently the Deputy Chief of the Future Secure Voice System Special Project Office (FSVS SPO), the Na- tional Security Agency. ^ 22 JOURNAL of ELECTRONIC DEFENSE ? JANUARY'86 Declassified and Approved For Release 2012/10/26: CIA-RDP90-0053OR000701710002-9 - - -