Podcasts
CSO Perspectives (Pro)
Ep 5563
CSO Perspectives (Pro) 3.27.23
Ep 5563 | 3.27.23

Bonus: Tour of National Cryptologic Museum with museum director, Dr. Vince Houghton.

Show Notes
Transcript

Rick Howard: Hey, everybody. Rick here. As you know, we concluded Season 12 of "CSO Perspectives" last week. Season 13 starts in May. But as a reward for CyberWire Pro subscribers, I have a special treat for you. A couple of weeks ago, I got invited to visit the U.S. National Cryptologic Museum, just outside the National Security Agency's headquarters in Maryland, and meet the director, Dr. Vince Houghton. So after the obligatory Denny's breakfast with sound engineer Tre Hester and producer Liz Irvin, the three of us went up to the museum to get a tour and to have a discussion with Dr. Houghton about the exciting new exhibits that he and his team have installed while the rest of us were in COVID lockdown. This was a lot of fun, and I think you will like it. Enjoy.

Vince Houghton: The museum has three galleries, plus what we call Memorial Hallway. And Memorial Hallway is exactly what it sounds like. It focuses on those who worked in the cryptologic field - not just for NASA - in the cryptology field, who have given their lives for the - in service for the country. And it goes all the way back to as far back as we can go, all the way up to Shannon Kent. There are dozens and dozens and dozens of names on our memorial wall. A lot of people have this perception of cryptology or signals intelligence or cyber that these are just people sitting at headquarters behind a computer with headphones on listening to communications. But a lot of them are forward deployed. We are a combat support agency. One thing NSA does that other agencies may not do is we have customers in both directions. We have customers up high for strategic intelligence - the National Security Council, Congress, the president - you know, talking about big-picture issues. But we have customers on the battlefield as well. We have lieutenants and sergeants and privates who are getting up-to-date signals intelligence or crypto information so they can actually carry out their missions. That means we have people forward deployed everywhere. Certainly, during the war on terror, there were NSA-ers all over the world and in harm's way, as we can see there. 

Vince Houghton: Then we have three main exhibit galleries. We're standing in Gallery 1 right now, to paint a picture. From the left to the right on your radio dial, we're looking at multiple different areas. This is a - mostly a chronological walkthrough in cryptologic history, starting with the American Revolution, where we have "the Jefferson cipher" on display. Now, we put quotes around that - "the Jefferson cipher." We don't know a whole lot about it. We know it was found very nearby Monticello. We know it is almost identical to a cipher design that Jefferson writes about and draws about in his journals and writings. It's in French. Jefferson was a Francophile. He was an ambassador to France. And all diplomatic communications at the time were done in French. So through circumstantial evidence, we call it the Jefferson cipher, although we don't know if he ever used it. He built it. He did it. We do know it is the oldest-existing cipher wheel on the planet. So we have to put that on display. 

Rick Howard: Absolutely. 

Vince Houghton: But we do have a large label next to it talking about provenance. We want to make sure our visitors understand how museums go about telling the world, honestly, what they have. We want to be very honest about the things that we don't know. 

Rick Howard: So like we were talking about before the - we got out here in the main hallways, it's one thing to say, here's a replica of the thing. 

Vince Houghton: Right. 

Rick Howard: But here's the thing. 

Vince Houghton: So we're really focusing on the thing, right? 

Rick Howard: Yeah. 

Vince Houghton: So another great example of that is there's no cryptologic museum that should be around without talking about Herbert Yardley, the American Black Chamber, which is kind of the first leaker. Story is long. We won't get into it. But essentially, Yardley was the head of the American Cryptologic Unit during World War I and then into the 1920s that broke codes all over the place and listening to communications. He was eventually fired, and his organization was shut down by Henry Stimson, who was secretary of state - very famously said, gentlemen, don't read each other's mail. 

Rick Howard: Right. 

Vince Houghton: Of course, during World War II, when he was secretary of war, he really liked the fact that we read each other's mail. But Yardley got mad. He needed money. So he wrote a book, "The American Black Chamber." And we actually have the original manuscript. So this is Yardley's original manuscript for "The American Black Chamber," typewritten with editorial notes on the inside and everything else. To give you a little bit of an idea of when we say we don't want a copy of something, we want the thing - there it is. 

Rick Howard: Is this the original idea where you get fired from a government job and say, well, I'll show them, I'll write my book? 

Vince Houghton: Seems like, yeah. 

Rick Howard: (Laughter). 

Vince Houghton: I mean, that's - you know, the joke is now that when you join BUD/S and you're going to be a Navy SEAL, you get a book contract along... 

Rick Howard: Yeah. That's exactly right (laughter). 

Vince Houghton: You get through hell week, and you get your book contract. This is before that. This kind of sets that precedent. And we do have rare books and other things on display, including the first book written in the Western world on cryptology, which is Trithemius' book from 1518. 

Rick Howard: Wow. 

Vince Houghton: And that's the real copy of it. That will stay on display permanently. We're going to be turning pages. We're going to be doing things like that to ensure the conservation of these artifacts for a long time to come. The largest thing in this area is the U.S. Navy cryptanalytic bombe. So the long and the short of it is the - once the Polish break Enigma first, the British break it consistently afterwards. This is the standard three-rotor Enigma. So Enigmas are rotor-based encryption systems. The three-rotor Enigma was what was used by the vast majority of German forces. The British, by 1941, 1942, were breaking this consistently just about every day. And they'd built these machines that the Polish had designed called bombas. The British called them bombs. And they were designed to break the three-rotor Enigma. And they worked constantly, 24 hours a day, seven days a week, breaking Enigma communications. 

Vince Houghton: Well, the German submarine force didn't think Enigma was broken. I think that's a misconception that, oh, they knew it was broken. They had no idea it was broken. They said, we can add another rotor and make it even more secure. So the German submarine force used a four-rotor Enigma. And once they switched to the four-rotor Enigma, all the British bombs were useless against the German submarine force, and that was important in World War II. So realizing that the - Britain at the time did not have the industrial capability of now building hundreds of new four-rotor bombs, they came to the United States and met up with a man named Joe Desch, who was an engineer at the National Cash Register Company, of all places, in Dayton, Ohio, who designed a four-rotor bomb. The United States made over a hundred of these. And they worked in a big building on Nebraska Avenue in Washington, D.C., 24 hours a day, seven days a week, breaking the four-rotor submarine Enigma. At the end of the war, every one of them but one was melted down for the steel. And there's only one left on Earth, and we're standing in front of it. 

Rick Howard: This is the first I've heard of this because my understanding was that the British Bletchley Park effort was mostly German codes. The Americans were handling most of the Japanese codes. This is new for me that they were handling German naval codes. 

Vince Houghton: Well, that was true mostly for the duration of the war. 

Rick Howard: Yeah, yeah. 

Vince Houghton: I mean, the William Friedman-led team at the Signals Intelligence Service was handling mainly Japanese codes, the Japanese diplomatic codes that lead to success against PURPLE. And then the American Navy, an organization called OP-20-G, was working on the Japanese naval codes, JN-25, which leads to the victory at Midway. But when we're asked by Alan Turing-led group that comes over from Britain, like, can you help us do this, we jumped at the opportunity to help the war effort, and we had the additional capability of doing so. And so based on the design of Joe Desch, along with help from the British, these four-rotor bombs were developed, and they were able to consistently break the German submarine. 

Rick Howard: By the same group that was doing the Japanese codes, the same... 

Vince Houghton: No. So they're - some of the same people are overlapping. 

Rick Howard: Yeah. 

Vince Houghton: So you're looking at, you know, there's a Japanese focus group that stays focused on the Japanese. 

Rick Howard: Yeah, yeah, yeah. 

Vince Houghton: But the American cryptology community is not very big at this point, right? It's not like today, where, you know, there's tens of thousands of people working on SIGINT or crypto at NSA. Really, everyone knows everybody else. Everyone's kind of working with everyone else. You know, the numbers are in the hundreds, not the tens of thousands, and even within those hundreds, you have, like, worker bees that aren't the ones doing the actual, like, theoretical... 

Rick Howard: Yeah, all the admin and maintenance and blah, blah, blah. 

Vince Houghton: Exactly. 

Rick Howard: One of the fantastic books about that period is called "Code Girls." Is it 10,000 women that were on that program helping out? 

Vince Houghton: Yeah, so the WAVES, Women Accepted for Volunteer Emergency Service... 

Rick Howard: Yeah. 

Vince Houghton: ...The WAVES are the ones that do the day-to-day operations of these. 

Rick Howard: Right. 

Vince Houghton: And Liza Mundy actually wrote most of that book in our library... 

Rick Howard: Oh, awesome. 

Vince Houghton: ...Here at the Cryptologic Museum. So once the kind of theoretical framework was developed by these mathematicians, once the engineers built the machine, then the women were actually the ones doing the day-to-day codebreaking, actually the ones that are coming back with here's what all these messages are saying. And yeah, you're right, that was - that book "Code Girls" is all about that, this specific mission as well, the four-rotor German U-boat breaking naval bomb. 

Rick Howard: One of my favorite movies is "The Imitation Game." 

Vince Houghton: Yeah. Yeah. 

Rick Howard: And it's very dramatic that the bomb runs and then - chunk - it stops, and we have the answer. That can't be the way that worked, right? 

Vince Houghton: Well, it usually didn't work immediately like that. 

Rick Howard: (Laughter). 

Vince Houghton: There were a lot of false alarms where, basically, what the machines are doing is looking for plain text, real words, in German, of course. And every so often it finds one that is not the solution. So they have people whose job it is to check whatever solution the machine gets against the codes for that day. And some of the times, it's just, like, a false alarm, didn't work. 

Rick Howard: Didn't work, yeah. 

Vince Houghton: But when it does, everything stops. Our people would say jackpot. And then from that point till 12 a.m. the next night, they can break all the different messages from that day. 

Rick Howard: Awesome. Awesome. 

Vince Houghton: Don't ask me about "Imitation Game" because I don't want to ruin it for everybody. 

Rick Howard: Don't ruin it because it's one of my favorite - all right, so I'll talk to you after about it. Yeah (laughter). 

Vince Houghton: Another really key - we do have a lot of things that are focused on the Enigma here. This is an artifact that falls very squarely within the holy trilogy - trinity of artifacts. And the label copy tells you all you need to know. The title of this says Hitler's Enigma, and it is, in fact... 

Rick Howard: The one he used. 

Vince Houghton: Well, so they made 24 of these, the B variant Enigma, and there's a lot going on here that makes it different than the other Enigmas, but from the outside, if you see the red lettering on the plug board... 

Rick Howard: Right. 

Vince Houghton: ...And the red numbers on the rotors, that's the - kind of the first very easy way that you can tell that this is the B variant Enigma. And they made 24 of these. Twenty-three of them are no longer on this Earth. This is the only one that's still left. And this was used by Hitler. He's not punching the keys himself, but when he's sending messages on the road, if he's on a train, if he's on a boat, if he's on a car, where you need portability - because that's what Enigma was all about - he would use one of the B variant Enigmas to send messages to high command. 

Rick Howard: So why was it different? 

Vince Houghton: The wiring and the plug board itself is what makes it slightly different than the other standard three-rotor Enigmas. There actually were multiple different variations of Enigma. The British and the Americans broke several of them but not all of them. The Gestapo Enigma was never broken. The German submarines had a particular Enigma. The rest of the Navy had another one. The Army had one. A lot of different German organizations had their own little tweak. 

Rick Howard: So it wasn't just they had different rotor settings; it was they had a little different wiring scheme. 

Vince Houghton: Right. Wiring changes everything. Wiring completely redirects the signal through the machine, which gives you a completely different variation of encryption off it. 

Rick Howard: Yeah. 

Vince Houghton: And it's really - what's great about Enigma is just a little teeny tweak changes everything. 

Rick Howard: Yeah. Yeah. 

Vince Houghton: And so you could break the standard three-rotor Enigma used by, let's say, an army unit. That only gave you army units for that day. So you had to actually work on breaking different types of Enigmas to get that kind of information from different places. 

Rick Howard: Awesome. 

Vince Houghton: Yeah. 

Rick Howard: Fantastic. 

Vince Houghton: So we're now moving into Gallery 2, which is... 

Rick Howard: Oh, yeah, this is so different from... 

Vince Houghton: It's open, a little more open than it was before. 

Rick Howard: Wow. What a difference. Oh, man (laughter). 

Vince Houghton: So yeah, this used to have a lot going on here. It's a little - it's actually - we have more artifacts on display than we did before but just in a way that allows you a little more freedom of movement to work your way through. We actually built this space. So this didn't exist before. We built this out. This is now a focus on language analysis. So part of what NSA does, I think people overlook, is we have the best linguists on the planet. They don't like being called that. We have the best language analysts on the planet because all of our adversaries - it would be wonderful if they all spoke English. 

Rick Howard: Yeah, would you please get the - give them the memo so they can speak English? (Laughter). 

Vince Houghton: Yeah. Right? But they don't. They speak all these other languages. And it's not just good enough to have book learning or, like, high school Chinese. You actually need to understand idioms and slang and nuance... 

Rick Howard: Nuance. 

Vince Houghton: ...And regional dialects and all these things to create actionable intelligence. And so what people overlook, I think, when they're thinking about the NSA is all the expertise that we have in language. And to me, that's - like, what is that doing in a cryptologic museum? I - look - breaking codes. Breaking that nuance in that language is... 

Rick Howard: Yeah. 

Vince Houghton: ...Like breaking a code. It's the same mechanics behind it. So we wanted to include that. We wanted to tell stories. That also includes the stories like the Navajo and the code talkers. So NSA has one of the largest collection of Bibles on Earth, and you're like, that's kind of contradictory, right? But Bibles, in many cases, are the only written versions of some languages. 

Rick Howard: Wow. 

Vince Houghton: So you had missionaries who would go in Africa or other places to these areas that - or languages that are not spoken very widely. And they never had a written language. So the missionaries would create a Bible in that language for them. And to this day, there are certain languages around Earth - around Earth; that's really great grammar - on Earth that... 

Rick Howard: (Laughter) I knew what you meant. 

Vince Houghton: ...The only written version of that language is a Bible. And so NSA just grabs those every chance... 

Rick Howard: That is fascinating. 

Vince Houghton: Yeah. So we have a collection of those here on display as well. And then this big part of this space is focused on the computer revolution because the computer revolution is so essential to crypto, so essential to NSA. And we start with actually a German cipher machine. That is the catalyst for the computer revolution. And this is a part of the Lorenz cipher machine. I say part of because Lorenz is massive, right? It was something the Germans used to send messages that were incredibly encrypted from static places, like from headquarters, right? This is not something you're going to stick in a car. This was the catalyst. This is actually what was so hard to break that Alan Turing actually spends more time working on Lorenz than he does on Enigma. And they can't break it using kind of systematic brute force, which is basically what the bomb is, right? The bomb is just churning out potential solutions. It's not a computer. It's just a machine allowing us to do things much faster than we would if we had pencil and paper. 

Vince Houghton: Lorenz could not be solved this way, but the solution was to build an actual computer - Colossus, the world's first-ever computer. And what makes it a computer versus just a machine is it got two things. It's got programmability, and it's got memory - the two things that makes a computer a computer today. And so we have Lorenz here as the spark, and then we have the solution. GCHQ very graciously gave us a piece of Colossus that we display here at the museum. 

Rick Howard: Wow. 

Vince Houghton: And so you can see the plaque is presented to the director of NSA from GCHQ. So this is the very - piece of the very first computer on Earth. And then we work around the room talking about the development evolution of computers at NSA from little pieces of much, much larger computers - some of these, like Abner and Harvest, would be the size of this room, so we don't have the whole thing - to the world's first desktop computer, which is the PACE 10. It wasn't very user friendly. You needed a Ph.D. in math in order to actually know how to operate it. 

Rick Howard: I can see that. Look at the... 

Vince Houghton: Yeah. 

Rick Howard: I just want to - just describe it for us. What is - it looks like an old PC from the '80s 'cause it's very tall, right? It's got plug boards... 

Vince Houghton: Yep, plug boards that are Crayola colors. They actually talk about that. 

Rick Howard: Yeah. 

Vince Houghton: Reds and greens and yellows and browns. And you basically move these plugs around using math, very high-level, like, multivariable calculus-level math, in order to get particular answers from it. It's essentially a very, very, very big calculator that has a little higher level of - there's programmability involved in it. 

Rick Howard: And it has a needle that measures amplitude of something. 

Vince Houghton: Yeah. Yeah. Yeah. Exactly, right? 

Rick Howard: (Laughter). 

Vince Houghton: I'm not a computer scientist, so... 

Rick Howard: Well, I am, and I still don't know what that does, all right? So there you go. 

Vince Houghton: And then, of course, we have some of the early Cray computers at NSA, which is very famous. And then actually one of the - the Cray XTS, which was just retired from service at NSA, a much more advanced version. 

Rick Howard: Can we just pause for a second on this? The first Cray you got over here, most of us have that in our pocket now. Is that fair to say? 

Vince Houghton: Most of us had that in our pocket with the iPhone 3. 

Rick Howard: Yeah. 

Vince Houghton: Right? So now, you know... 

Rick Howard: But look at - this is a quarter of the room - maybe not a quarter of the room, but... 

Vince Houghton: It has 45 miles of wires inside of it. 

Rick Howard: Yeah (laughter). 

Vince Houghton: Exaggerating - 45 miles of wiring. It got so hot that if it didn't have a cooling system in it, it would burn through the floor. And so yeah, we've gone leaps and bounds since then. And right next to it is what we call the Black Cray. It's called the Black Widow. The Cray XTS. That is just retired a couple years ago. That is dramatically more advanced than it was before. And then in the middle of the room, we have the IBM thinking machine known as the FROSTBERG. This didn't do a hell of a lot as far as computer revolution is concerned. It's really kind of the first that you can consider, like, modern supercomputers. You're now talking about, like, teraflops of processing speed. What's fun about it, though, are the blinky lights. And you laugh. 

Rick Howard: (Laughter) No. 

Vince Houghton: And it's supposed to be laughed at. Now, the interesting story behind this was when FROSTBERG was put into NSA, engineers were so used to the Cray machines and others making so much noise when they operated, and the FROSTBERG was almost silent. And so they were like, we don't know if it's actually working. Can you do something to let us know it's working? So the engineers went back and added what I technically call the blinky light system. So these lights do nothing other than let you know the machine is on and working, which to me is a wonder. 

Rick Howard: (Laughter). 

Vince Houghton: Like, you can imagine opening a time capsule or being, like, a historian, like, a thousand years, going like, what was the purpose of these lights? 

Rick Howard: Yeah, and spend years trying to figure it out, and they realize at the end it's nothing. 

Vince Houghton: Yeah, exactly. Another interesting artifact - set of artifacts are these two, where you look at them, and it's a typewriter and some kind of ticker-tape machine. And it certainly doesn't look anything like in the movies where the red phone on the president's desk, when he picks up and talks to Moscow. This is actual hotline. So the U.S.-Soviet hotline. 

Rick Howard: What year are we talking here? 

Vince Houghton: From 19- - basically '63, all the way to the end of the Cold War, through the 1980s. After the Cuban Missile Crisis, it became very obvious to everyone that we needed to have a way - the president needed a way to directly communicate with the Soviet premier, so the hotline was established - not a red phone. Actually, Teletype machines - one in the White House, one in the Kremlin. The first time this was used was a test. Essentially, they sent every potential combination of letter and number that they could to make sure they all worked. The first time this was used in operational situation was on November 22, 1963, to announce that Kennedy had been killed, and we're not going to start a war over it. Just relax. Don't go to DEFCON 1. We just want to let you know this has happened, and the situation is under control. But these were retired when the Cold War ended. No one ever would need this again, of course. 

Rick Howard: Of course. 

Vince Houghton: Yeah, exactly. So now they're here in this museum - not a red phone. That's a Hollywood-ization of things. But we do have one red phone in the museum. Now we're moving into Gallery 3, which is focused on the defensive side. So the rest of the museum is focused on code breaking. This is on the code-making side. 

Rick Howard: OK. 

Vince Houghton: So this is the encryption versus the decryption side. NSA - half of what we do is the defense. There used to be an agency at - a section of NSA called Information Assurance. Now it's all cyberdefense kind of thrown in together. But we make all the codes also, right? So we do have a red phone, and that red phone there was the phone that was inside Ronald Reagan's limousine when he was president. People don't think that NSA makes those. Of course we do, right? Anytime you're talking about communications security, it's us. 

Rick Howard: From the NSA, OK. 

Vince Houghton: Right? So that was the phone that NSA created for Ronald Reagan inside of his limo... 

Rick Howard: Is it an encrypted phone or it's just a phone-phone? 

Vince Houghton: No, it's an absolutely encrypted phone. 

Rick Howard: Yeah. 

Vince Houghton: And this was what was inside his limousine. When he stops being president and they actually build The Beast for George H.W. Bush, the phone was taken out and then gifted by the Secret Service back to the NSA for... 

Rick Howard: Awesome. 

Vince Houghton: Because they created it in the first place. We also look at things like written and verbal communication that was encrypted during World War II and beyond. This is a machine called a SIGABA. So this was our answer to Enigma. Basically, the Germans use Enigma as almost a Goldilocks machine, like, just right for all different situations. It was very portable. It was hard to break. We went the other direction. We built machines that were not very portable but were incredibly secure, and then machines that were very portable, not that secure. So you have the M-209, which is this small machine here. It can fit inside your pocket. It only weighs about three pounds - good for tactical communications, not good for strategic communications. You could break it in about an hour. But if you're sending a message saying advance in 30 minutes, it didn't matter if you broke it in an hour... 

Rick Howard: Right. 

Vince Houghton: ...Because that battle was over already. The SIGABA, on the other hand, had over 20 rotors, and it certainly wasn't portable. It weighs a s***load. 

Rick Howard: (Laughter). 

Vince Houghton: So right here, this is the first Navy SIGABA ever made, so serial No. 1, basically. And here is another SIGABA. And you're like, why do you two have SIGABAs? Well, this was the SIGABA that was used to communicate between FDR and Churchill during World War II. So whenever FDR wanted to send a secure message to the British, he used this particular machine to send that message. From all evidence that we know, SIGABA was never broken. It's probably the only cipher machine that you can say that about. It was just so complicated. Nowadays, with a supercomputer, you could break SIGABA, but certainly not in - at the time. There's no indication from any German documents or anyone else that they ever had a - they ever broke SIGABA. 

Rick Howard: From the German discussion, they tweaked the Enigma design for different things. Is that the same for these two different, or are these exactly the same? 

Vince Houghton: Exactly the same. 

Rick Howard: Got it. 

Vince Houghton: It was one of those things that the permutations were so dramatically high, and it wasn't just that there are 24 - 20-plus rotors that were operating kind of the same way the Enigma did. Some of these rotors moved; some didn't, depending on what you did. 

Rick Howard: Yeah. 

Vince Houghton: So the randomization was at the highest level you could possibly get. I mean, obviously, nothing is completely unbreakable unless it's a one-time pad. These were not one-time pads. But these were close. This is as close as you're going to get with an analog machine that's not dealing with kind of quantum encryption. I mentioned NC2, and this is what we're looking at now. This whole back wall is focused on nuclear command and control. This server DEC system to our left is the DEC Alpha. These created the nuclear codes. 

Rick Howard: What time frame are we talking about here? 

Vince Houghton: 1980s, so the height of the Cold War, all the way through a couple years ago. And I'm being cagey when I say a couple years ago. 

Rick Howard: Yeah, yeah. 

Vince Houghton: So, we're talking about - these were still highly classified as of the summer before we opened in 2022. 

Rick Howard: So I just want to clarify what that means. You make nuclear codes. These are the codes that are sitting inside the missile silos? 

Vince Houghton: So the ones that this machine makes are the codes that the president has. So if the president decides to start World War III, the code and card that he has in his pocket is designed by these machines, is randomized and created by these servers. So the nuclear codes - right? - so the presidential nuclear codes. 

Rick Howard: If he decides to push the button... 

Vince Houghton: Right. 

Rick Howard: ...This is the code he's using to do it. 

Vince Houghton: Exactly. 

Rick Howard: Yeah. 

Vince Houghton: Once that happens, he physically isn't launching missiles himself from a submarine. 

Rick Howard: Right. 

Vince Houghton: So the message is sent down to whatever platform or all platforms that are being used to actually initiate this attack, whether it's a nuclear submarine, it's a bomber or it's a missile silo. Well, inside those, there are safes that are, you know - two different levels of safes that have combinations that only one individual knows one, and one individual knows the other - the two-man rule. You may have heard of that. And inside those are these things they nicknamed the biscuits or the cookies. And the biscuits inside of them have a card. You break it open, you pull the card out, and that tells you whether or not that message from the president is authentic. It's called a Sealed Authentication System. The MP37, which is on the other side of this room, creates those biscuits. You can see - people say this looks like an industrial processor. 

Rick Howard: Yeah. 

Vince Houghton: This makes the biscuits, and it made the biscuits from the 1980s all the way through... 

Rick Howard: Wow. 

Vince Houghton: ...A couple years ago of the nuclear command-and-control cycle. 

Rick Howard: It really looks like a steampunk engine. I mean, it looks like there's, like - there should be water running through it. 

Vince Houghton: Yeah, no, I mean... 

Rick Howard: It doesn't, but, you know - amazing. 

Vince Houghton: There are other elements to it. The DEC Alpha actually makes something called the permissive action link as well, the PAL, which is the code on the bomb itself, on the weapon itself. So all of our nuclear weapons, especially the ones stored overseas, have a fail-safe built into them. Essentially - you've seen this in the movies also - right? - where someone is trying to break the code on the bomb. 

Rick Howard: Yeah. 

Vince Houghton: Well, those are all created by that DEC Alpha system as well. So you've got the top of the nuclear command-and-control cycle with the president. You've got the middle here with the Sealed Authentication System. And then you've got the bottom with the permissive action links going back to the DEC Alpha. Also on display, we have the KI-21 and the KI-22. The KI-21 here was the encryption system for the Airborne Launch Command Center, or the Looking Glass plane, until it was replaced by something better. The KI-22 was down at Minuteman III nuclear silos as the encryption system to make sure that a message from the president doesn't get intercepted by someone, and they realize that we're about to kick off a war. This little combination lock is a very early form of a permissive action link. We'd have one more modern, but the ones that are more modern are still a little iffy. You can actually - I can't put one on display, but you can actually - if you're ever in Albuquerque, N.M., the Museum of Nuclear History has a more modern permissive action link. We can't put one on display because we don't want to give our adversaries any information about what they look like. 

Rick Howard: So describe that thing. It's - it looks like a combination lock that you would see on just a typical Master Lock. 

Vince Houghton: It is. Yeah. 

Rick Howard: And then it goes into a cylinder. 

Vince Houghton: Right. And so the cylinder's built into the weapon itself. And unless you're able to pull this out, the missile or the bomb will not arm. 

Rick Howard: I see. 

Vince Houghton: So you can do anything you want with it. You can steal it. You can - you know, if there's a coup in a country and, all of a sudden, they have control of our nuclear weapons, they can't do anything with them unless they're able to remove the permissive action link. And that is that extra level of security that we have against these things happening. 

Rick Howard: Got it. 

Vince Houghton: And then finally, in this area, we're looking at space communication. That's also something that people don't realize that we do here at NSA. We work very closely with NASA. Both NSA and the museum actually works very closely with NASA. There's a big 98-inch screen TV behind you that - NASA actually created this film for us, which is wonderful because they can say things I can't... 

Rick Howard: (Laughter). 

Vince Houghton: ...About things like quantum encryption and laser communication and everything else. But this is a cool artifact that was in the museum before, but we've kind of pulled it out so you can see it a little better. This was the mission control console for the space shuttle that controlled their encryption systems. So this is the ground side... 

Rick Howard: The ground side, yeah. 

Vince Houghton: ...Of what was part of the encryption system for the space shuttle. Now, why would the space shuttle have an encryption system? It's a civilian spacecraft. NASA's a civilian organization. Well, it's not anything secret to say that there are a lot of Department of Defense missions that the space shuttle did. In fact, two entire space shuttle missions were DOD specific, launching satellites or other things like that. The NRO, the National Reconnaissance Office, actually was involved in the design of the space shuttle. The original design didn't work. It was too small. The cargo bay was too small. NRO came back and said, no, you're going to have to make this bigger, or our stuff's not going to fit in it. So when they're doing these top-secret operations, you need to have encrypted communications. I mean, think about - you can go on NASA TV, or there's a NASA app, and listen to the conversations taking place from the International Space Station or on the space shuttle before that. You need to be able to protect some of those communications. So NSA developed these systems for NASA. This is the ground side of it. We do have the space shuttle side of it here as well. 

Rick Howard: Let me describe what this is for a second for the audio audience. It looks like a console out of the "Apollo 13" movie. That's what it does. There's a table where the analyst would sit. There's a couple of phones, old-timey phones that we, you know - cords, and a bunch of buttons that light up and have blinky lights, like you said. 

Vince Houghton: So this was used from 1982 in the beginning of the space shuttle program. So it was designed and built in the '70s. So it looks exactly like it should. It is a mission control console from the Apollo era. 

Rick Howard: (Laughter) Yeah. Exactly. 

Vince Houghton: Right? And it went all the way to the end of the space shuttle program in 2011. So the guys working on this at the very end were like, how do I - this is NASA. Like, we're supposed to be the most advanced organization on Earth, and I'm working on this console from 1965. 

Rick Howard: (Laughter). 

Vince Houghton: So that's the ground side. We do have the aircraft side, a spacecraft side, as well. This beaten up little - I mean, I can describe this as the size of a - I've seen it described as, like, a box of butter at the store - right? - or something... 

Rick Howard: It looks like a small cassette deck you put in your car from the '70s. 

Vince Houghton: Yeah, that's a good - the old pull-out car stereos. 

Rick Howard: Yeah. Yeah. Yeah, yeah, yeah. 

Vince Houghton: This is the space shuttle side part of the encryption system. This was the one from the space shuttle Challenger. That's why it's beaten up the way that it is. So when the Challenger exploded in 1986, this was discovered among the wreckage and rushed back to NSA because it was still very top secret at that point. Now it is no longer, so we can put it on display here at the museum. But this is the encryption system from the Challenger. So we have the ground side, the spacecraft side. That relationship there is explained a lot through this film that NASA was able to make for us. 

Rick Howard: Awesome. What's the car? 

Vince Houghton: Yeah. So the car may not be here when any visitor comes through. It's - we're keeping it - we have it on display since we opened, and we're probably going to arrest it for a while afterwards. So this is a cyber demonstrator that was created through a contract with DARPA, the Defense Advanced Research Projects Agency, and it's known as the SSITH because these guys are nerdy "Star Wars" fans, which I respect. 

Rick Howard: I'm on board with, yeah. 

Vince Houghton: The counterpart to this is called the FETT, of all things. And the FETT and the SSITH went after each other, try to break each other's codes. Basically, what it is is a driving simulator - right? - built into a real smart car. So they took a smart car. They hollowed it out, built a driving simulator inside of it. It's a lot of fun. You drive around and, you know, through the mountains and stuff. However, the back of the car actually has a touch screen where, while you're driving, your buddy, your friend, your mom, whomever, can try to hack the car while you're driving. As our vehicles, as our refrigerators, as our TVs are more and more networked, there's a lot of different vulnerabilities that are created by this, and cars are a great example because cars can be very dangerous if, all of a sudden, someone gets ahold of your system. So you can hack it. You can turn off the brakes. You can increase acceleration to 100%. You can mess with the steering capabilities. And it's very obvious if you're driving that you're in a bad way. What this is designed to do is to demonstrate hardware-based cyberdefense. 

Rick Howard: Got it. 

Vince Houghton: So software-based has been around now for decades. It's your McAfee. It's your Norton. Hardware-based is what DARPA is trying to show is more effective, building almost a physical firewall into these machines that are networked. And so the SSITH is that, right? So the SSITH is their - the code name, the nickname, the acronym, the "Star Wars" nonsense for this system that is built into the vehicle. So you get hacked. You're driving like crazy. And all of a sudden, the SSITH kicks in and protects the vehicle against the malicious cyberattack, and all of a sudden, you can drive again normally. Most people don't get that, as they're having fun driving the car, but people standing around get the idea. It was offered to us. They reached out to us and said, hey, look; we built this demonstrator. We're looking for a home for it. Smithsonian wants it. Would you - we'd rather give it to you. Would you? I'm like, hell yeah, we want this thing, right? 

Rick Howard: Sure. Agree with you. 

Vince Houghton: Yeah, absolutely. I don't have the money to develop something like this. But because it is what it is, essentially a big computer game, we can't have a hundred people going through it and playing it every single day, or it freezes up like everything else. And so we're basically going to arrest it probably in the next couple months. We'll bring it back out for certain events and other things like that. But right now, if you get here within the next couple weeks, maybe even the next couple months, you'll have an opportunity to use this very cool DARPA-designed cyber simulator. 

Rick Howard: Awesome. 

Vince Houghton: And that's just - the hardest thing to do in any museum is to show cyber, right? Like, how do you do it? 

Rick Howard: And make it exciting. 

Vince Houghton: Well, and make it interesting and make it exciting. There aren't a lot of artifacts, right? There are some, but there aren't a lot. So you could put information on a wall. You could do whatever... 

Rick Howard: Right. Yeah. 

Vince Houghton: We had the opportunity there to get people to give us things like the Moonlight Maze computer... 

Rick Howard: Yeah. 

Vince Houghton: ...Like a Siemens processor that was infected by something. I can't even say that word anymore. And then, of course, the Infinity Room at the Spy Museum was - you know, if you want to give me a couple million dollars, I'll build an Infinity Room here. I just don't have the capability of doing that. So that's where we're in a position where we can only show so much. Part of it is classification as well. You know, U.S. Cyber Command is part of the command here at NSA. There's a lot of things that we could talk about, but we can't. And so I'm always on the lookout. That's another great thing about having the clearances that I do, is that I have a great dialogue with the guys at Cyber Command. I'm like, what's coming down the pipe that might one day be declassified? Because then we can show some of the stuff we've done. But not today. 

Rick Howard: Let's wrap it up with - what would you want to tell everybody about this place to get them - convince them to come? 

Vince Houghton: Easiest thing to say, I think, is that we are the only museum in the intelligence community that's completely open to the public - the only one, right? Everywhere else has some limitations. Most of them, if you don't have clearance, forget it. You're not seeing it. Others, you've got to go through hoops to actually get a chance to walk in the door. I love the FBI experience, but it's really - they'll admit it's for recruiting. Like, we're about history. We're trying to show the public the history of this organization, history of cryptology. And we're doing it in a way that anyone can just drive up and walk in. And to me, that's the real draw here. I think the second draw is what we've talked about, the fact that 80-plus percent of the artifacts on display here, you cannot see anywhere else. They just do not exist other places. And they're not examples of things. They're not kind of sort of types of things. They're the thing. 

Rick Howard: Mock up - they're the thing. 

Vince Houghton: And that's why you're not seeing certain things that you might otherwise. Like, where is this story? Where is that story? Well, I don't have the real artifact for that yet - yet. 

Rick Howard: I like the way you say that (laughter). 

Vince Houghton: I always say - yeah, I'm never going to give up. And once I do, I'll show it. But right now, I'm not putting something on display that you can get online or by Googling. Everything you see in every direction you look is going to be something that you can only see here. 

Rick Howard: Awesome. Thank you, sir. Fantastic. Great. 

Vince Houghton: Of course. Awesome. Thanks so much.

CSO Perspectives (Pro)
Podcast Info
HOST(S):
Rick Howard
Hash Table logo
Rick Howard is the CSO of N2K and the Chief Analyst, and Senior Fellow at the N2K Cyber, formerly CyberWire. His past lives include CSO at Palo Alto Networks, CISO at TASC, the GM at Verisign/iDefense, the Counterpane SOC Director, and the Commander of the Army's Computer Emergency Response Team (CERT). Rick served 25 years in the Army, taught computer science at West Point, edited two books and just published his own book, "Cybersecurity First Principles: A Reboot of Strategy and Tactics" and he is regularly joined at the N2K Cyber's Hash Table by a collection of industry experts.
Schedule: Mondays (in season)
Credits: Edited by John Petrik and executive produced by Peter Kilpe. Our theme song is by Blue Dot Sessions, remixed by the insanely talented Elliott Peltzman, who also does the show's mixing, sound, and original score
Creator: CyberWire, Inc.