INTERVIEW: Bill Crowell, Cylink's NSA link

 


William P. Crowell, a former deputy director and chief operating officer of the National Security Agency, found the transition to working in industry easy at information security company Cylink Corp. of Sunnyvale, Calif., where he is president and chief executive officer.

"This is not the first time I've been out of government," Crowell said. "I'm loving it. I enjoy getting out and talking to customers. The feedback process for what you're doing and how you're doing is a little more immediate in private industry."

Crowell joined Cylink in 1998 as vice president of product management and strategy and became president later that year. He joined the company's board of directors early this year.

Before his work at NSA and Cylink, Crowell was a vice president of Atlantic Aerospace Electronics Corp. of Greenbelt, Md. He holds a bachelor's degree in political science from Louisiana State University.

Susan M. Menke, GCN's chief technology editor, interviewed Crowell by telephone.

GCN: Which government agencies does Cylink Corp. work with on security issues?

CROWELL: Cylink produces commercial security products for electronic business, and the government is working quickly to convert to e-business. We're engaged with a number of agencies to secure their backbone communications: the Treasury and Justice departments, the FBI and others that are trying to secure their networks for all their business.

In most cases, the work is under long-term contracts with systems integrators. The purchases are essentially commercial purchases from us. It's not the usual kind of contractual arrangement.

GCN: Are agency security needs getting more intense in view of Web site hacking and denial-of-service attacks? How bad is it?

CROWELL: In today's networks, everything is connected to everything else. There are no borders and no barriers to anyone who wants to try to bring down a network by denying service, a popular and costly kind of attack, or by hacking or destroying information, either on a Web site or inside the network.

It's a growing problem that's going to continue to grow until the right kinds of protections are put in place, protections that provide an umbrella around the network and strongly authenticate internal users and somehow protect against service denial from outside.

GCN: You're speaking of public-key infrastructure authentication?

CROWELL: PKI is a fundamental piece of building secure systems. It provides the digital certificates necessary for strong authentication and encryption. We built the PKI for the Postal Service that forms the basis for its growing e-businesses. Most people have heard of online PC postage. That's an example of a new service that's being enabled by trustworthy cryptography, the foundation of which is PKI.

PC postage is sold by various vendors and is intended for small-office and home markets. But anyone can use it if it's beneficial. You create value on your ink-jet printer by printing an indicia that's backed up by the PKI and lets the Postal Service verify authenticity.

GCN: How will PKI work in a wider environment?

CROWELL: The token likely will be a smart card, which carries not only your digital certificate but also an encrypted version of your private key. You can use the smart card no matter where you are, with your notebook computer, at your desktop or with someone else's computer if it has a smart-card reader.

You can tie security to applications and to your identity. You can protect health records, motor vehicle records and digitally signed documents. My own smart card is a Cylink identification card. It lets me use my computer securely, and it also has a proximity chip that lets me unlock the doors around the office.

GCN: What's holding up smart-card adoption?

CROWELL: There's a huge installed base of magnetic card stripe readers for credit cards. They would have to be replaced by smart-card readers, so for that single use, there's a delay in favorable economics. What we're seeing now are larger areas where smart cards can be used for more than one application. That will drive interest in them, but it has been a slow start.

GCN: The readers cost how much, $25 apiece? Why aren't they popping up in new PCs?

CROWELL: Primarily cost and some security issues. Cylink has a patent on a method of protecting the personal identification number from the CPU, which increases the security of the reader.

The cost issue is about to have a breakthrough. The cards cost about $10 apiece in quantity, affordable if it can be leveraged not only to increase security but also to reduce fraud.

This would pay for itself if you could use it to reduce fraud.

GCN: Vinton Cerf, one of the founders of the Internet, has said banks would be the logical distributors for smart cards that could also be used for medical records and so on. Do you agree?

CROWELL: I think we're about to see that happen. There's a new standard for smart cards intended to be used by banks. Again, it's a question of how soon the current infrastructure is traded out.

More importantly, this is the basis for network protection. It allows secure Internet transactions with a nonrepudiable digital signature that protects both the merchant and the individual. Think of all the procurement activities government agencies carry out by paper or fax or other nonsecure, costly processes. If they were replaced by electronic transactions, it would reduce the government's costs considerably.

GCN: PKIs need certificate authorities as go-betweens. Who will be these trusted authorities?

CROWELL: You need an authority to certify your public key, which makes a matching pair with your private key. I believe this is going to evolve in different ways, mostly along business lines.

The Postal Service has postage as its mission. It's not going to give away the authority to somebody else. That's why USPS is operating its own PKI.

A Fortune 100 company with 200,000 employees certainly wants to control not only the activation of certificates that allow employees to do things on its network but also to control deactivation, to deny people the opportunity to continue doing things. It also wants to control what authority they have. The certificate is a way of defining their privileges: maybe they can spend $50,000 without an additional signature. It considerably reduces the opportunity for mischief on networks.

GCN: What's happening with virtual private networks in the government?

CROWELL: VPNs have also had a somewhat slow start. Cylink recently entered the market with an IP Security Protocol-compliant VPN that has 100-Mbps performance and centralized point-and-click management.

The issues up to now concerning adoption of VPNs have been performance and management on real networks, which are very complicated. If management isn't simple, it keeps you from doing what you need to do.

Also, there has been a lot of preoccupation with Y2K, deservedly maybe, but it not only burned up the energy of information technology staffs, it also burned up a lot of their funds. They're now able to turn their attention back to security.

You can really improve the security of connections between WANs and site-to-site VPNs. It saves money because you don't need dedicated circuits for IP connections. It essentially puts an encrypted firewall around the network. Denial-of-service attacks like those we've been seeing recently are hard to do without accessing the network.

GCN: What's your position on the contenders for a next-generation encryption standard that the National Institute of Standards and Technology has been evaluating?

CROWELL: Cylink was one of the 15 submitters of an Advanced Encryption Standard algorithm. It was also not one of the finalists.

We're following the evaluation of the remaining five and obviously examining them carefully to see what impact they would have on our business line, performance and security, and other factors.

GCN: You've been a strong supporter of removing barriers to the export of strong encryption products. How great is the danger to the nation?

CROWELL: There are opportunities to produce intelligence information from people's communications, something that has gone on throughout history. But we're not the same world as a few years ago. We're building economies based on networks.

The world economy within a short time will be totally dependent on network transactions. That's a strong statement, but look at what's happening. There are 160 million users of the Internet and 55 million domain names. In 1993, there was no Web. It was born in 1994, and it already has 800 billion pages. This is not marching along, it's galloping along.

What's More

  • Family: Wife, Judy Ann; daughter, Laura Lynn Cayonette, and son, William Pierce Crowell
  • Pets: Tango and Harley, both schnauzers
  • Car: Lexus ES300
  • Last book read: The Internet Bubble by Anthony B. Perkins and Michael C. Perkins
  • Leisure activity: Motorcycle touring; recently traveled 4,000 miles through six Western states and Canada


