Declassified NSA Newsletters

2 April 2024 at 13:05

Through a 2010 FOIA request (yes, it took that long), we have copies of the NSA’s KRYPTOS Society Newsletter, “Tales of the Krypt,” from 1994 to 2003.

There are many interesting things in the 800 pages of newsletter. There are many redactions. And a 1994 review of Applied Cryptography by redacted:

Applied Cryptography, for those who don’t read the internet news, is a book written by Bruce Schneier last year. According to the jacket, Schneier is a data security expert with a master’s degree in computer science. According to his followers, he is a hero who has finally brought together the loose threads of cryptography for the general public to understand. Schneier has gathered academic research, internet gossip, and everything he could find on cryptography into one 600-page jumble.

The book is destined for commercial success because it is the only volume in which everything linked to cryptography is mentioned. It has sections on such diverse topics as number theory, zero knowledge proofs, complexity, protocols, DES, patent law, and the Computer Professionals for Social Responsibility. Cryptography is a hot topic just now, and Schneier stands alone in having written a book on it which can be browsed: it is not too dry.

Schneier gives prominence to applications with large sections on protocols and source code. Code is given for IDEA, FEAL, triple-DES, and other algorithms. At first glance, the book has the look of an encyclopedia of cryptography. Unlike an encyclopedia, however, it can’t be trusted for accuracy.

Playing loose with the facts is a serious problem with Schneier. For example in discussing a small-exponent attack on RSA, he says “an attack by Michael Wiener will recover e when e is up to one quarter the size of n.” Actually, Wiener’s attack recovers the secret exponent d when e has less than one quarter as many bits as n, which is a quite different statement. Or: “The quadratic sieve is the fastest known algorithm for factoring numbers less than 150 digits…. The number field sieve is the fastest known factoring algorithm, although the quadratic sieve is still faster for smaller numbers (the break even point is between 110 and 135 digits).” Throughout the book, Schneier leaves the impression of sloppiness, of a quick and dirty exposition. The reader is subjected to the grunge of equations, only to be confused or misled. The large number of errors compounds the problem. A recent version of the errata (Schneier publishes updates on the internet) is fifteen pages and growing, including errors in diagrams, errors in the code, and errors in the bibliography.

Many readers won’t notice that the details are askew. The importance of the book is that it is the first stab at putting the whole subject in one spot. Schneier aimed to provide a “comprehensive reference work for modern cryptography.” Comprehensive it is. A trusted reference it is not.

Ouch. But I will not argue that some of my math was sloppy, especially in the first edition (with the blue cover, not the red cover).

A few other highlights:

  • 1995 Kryptos Kristmas Kwiz, pages 299–306
  • 1996 Kryptos Kristmas Kwiz, pages 414–420
  • 1998 Kryptos Kristmas Kwiz, pages 659–665
  • 1999 Kryptos Kristmas Kwiz, pages 734–738
  • Dundee Society Introductory Placement Test (from questions posed by Lambros Callimahos in his famous class), pages 771–773
  • R. Dale Shipp’s Principles of Cryptanalytic Diagnosis, pages 776–779
  • Obit of Jacqueline Jenkins-Nye (Bill Nye the Science Guy’s mother), pages 755–756
  • A praise of Pi, pages 694–696
  • A rant about Acronyms, pages 614–615
  • A speech on women in cryptology, pages 593–599

NSA Issues Cybersecurity Guidance for Secure AI Deployment

The National Security Agency (NSA) is taking a proactive stance in cybersecurity with the release of a Cybersecurity Information Sheet (CSI) titled “Deploying AI Systems Securely: Best Practices for Deploying Secure and Resilient AI Systems.” This initiative underlines the growing importance of securing artificial intelligence (AI) systems in the face of evolving cyber threats.

Dave Luber, National Security Agency Cybersecurity Director, emphasized the significance of AI in today’s landscape, acknowledging both its potential benefits and the security challenges it poses. He stated, “AI brings unprecedented opportunity, but also can present opportunities for malicious activity. NSA is uniquely positioned to provide cybersecurity guidance, AI expertise, and advanced threat analysis.”

NSA Collaborative Effort

The CSI, a collaborative effort involving the National Security Agency's Artificial Intelligence Security Center (AISC) and several international partners, including the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), aims to provide guidance to National Security System owners and Defense Industrial Base companies deploying AI systems developed by external entities. While initially targeted at national security applications, the guidance holds relevance for any organization integrating AI capabilities into managed environments, particularly those operating in high-threat, high-value sectors. It builds upon previously released guidelines, signaling a concerted effort to address emerging security challenges in AI development and deployment.

This release marks a significant milestone for the AISC, established by the National Security Agency in September 2023 as part of the Cybersecurity Collaboration Center (CCC). The center's mission encompasses detecting and countering AI vulnerabilities, fostering partnerships with industry stakeholders, academia, and international allies, and promoting best practices to enhance the security of AI systems.

Future Directions

Looking ahead, the AISC plans to collaborate with global partners to develop a comprehensive series of guidance on various aspects of AI security. These topics include data security, content authenticity, model security, identity management, model testing and red teaming, incident response, and recovery. By addressing these critical areas, the NSA aims to enhance the confidentiality, integrity, and availability of AI systems, staying ahead of adversaries' tactics and techniques.

The release of the CSI reflects a broader commitment to cybersecurity and highlights the importance of collaboration in defending against cyber threats. As AI continues to reshape industries and society at large, ensuring the security of these systems is paramount to safeguarding sensitive data, critical infrastructure, and national security interests.

With the rapid evolution of AI technology, ongoing collaboration and proactive security measures will be essential to mitigate emerging risks and maintain trust in AI-driven solutions. The National Security Agency's guidance serves as a foundation for organizations to enhance the resilience of their AI systems and adapt to the evolving threat landscape.

In an era defined by digital transformation and unprecedented connectivity, securing AI systems is not merely a technical challenge but a strategic imperative. By leveraging collective expertise and resources, stakeholders can navigate the complexities of AI security and foster a safer, more resilient digital ecosystem for all.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.