Prepared Remarks
by Dr. Cheryl L. Shavers
Under Secretary of Commerce for Technology
Press Briefing to Announce Proposed Advanced Encryption Standard
October 2, 2000 11:00 a.m.
- Everyone is talking
about how information technologies are revolutionizing the way we work,
the way we buy, the way we sell, the way we learn, the way we get government
services, and the way we entertain ourselves.
- And “everyone”
is right. We’re truly in the midst of an extraordinary period of change,
enabled by new information technologies and applications. In fact, I
think we may just be in the early stages of that revolution.
- The potential
is enormous. But so is the opportunity for failure if we don’t pay more
attention to the basics. And security is one of those basics.
- For E-Business,
E-Government or E-Anything to succeed, buyers, sellers – everyone who
relies on electronic information – need to be confident that their information
is secure.
- Without that confidence
throughout the community of information providers and users, the growth
of information technology and business, consumer, and government
applications will be hampered. Without that confidence, we won’t
be able to count on the continued strong economic growth that is being
fueled by our information technology advances.
- That’s why the
Secretary’s announcement today of the Department of Commerce’s choice
for the proposed new Advanced Encryption Standard is so important.
- Encryption, a
form for encoding information, is a key means for assuring information
security. The Data Encryption Standard – or DES -- is the principal
technique used by the government to protect sensitive, unclassified
information.
- The Secretary
of Commerce approved DES as a standard in 1977. DES
uses an encryption technique developed in the mid 1970s by IBM and then
adopted by the Federal government – by NIST, in fact -- as a federal
standard in 1977.
- With the continued
growth in computing power over the following decades, however, the time
has come to replace DES. It no longer provides the level of security
needed by many applications. A variant known as “Triple DES” does
provide much stronger security, but it is not efficient at doing that
job.
- In 1996, NIST
– a part of the Technology Administration -- began planning a standards
development process to find a successor to DES, to be known as the Advanced
Encryption Standard, or AES. NIST made their plans public in January
1997.
- AES draws upon
the private sector technology and is designed to provide strong security
well into the new century.
- During the following
years, NIST has organized and managed an international competition to
select a successor algorithm. Of twenty-one entries, fifteen met
the minimum requirements. Five of those were selected as finalists.
Today we will announce the algorithm we are proposing to be the AES.
- NIST Director
Ray Kammer will explain the process in more detail.
- We anticipate
AES will play a pivotal role in securing electronic transactions for
many years to come.
- The federal government,
in this case NIST, plays a key role as facilitator of the AES development.
I may be a bit biased, but I think that NIST and its Information Technology
Laboratory has done a superb job at managing this difficult assignment.
It’s been an open and fair competition. Our goal was to identify the
best possible encryption technique, and that was not an easy task –
but it was very well done.
- This is a proposed
standard that will be used by federal civilian agencies -- if adopted
by the Secretary of Commerce after the public comment process.
But it also will be used voluntarily by huge portions of the private
sector.
- Many in the private
sector will rely upon the government’s endorsement of this standard,
once approved, as a strong vote of confidence in its security.
Of course, I want to make it clear that those in the private sector
may use any encryption technique they choose.
- While encryption
is important to security, no single security technique addresses all
security threats. Everyone must use multiple tools and approaches,
both technological as well as well as human and organizational.
Encryption of information, for example, cannot stop an insider from
leaking your sensitive business secrets.
- But this is a
crucial element in our nation’s security strategy to protect sensitive
information. We’re taking a big step forward today. Thank you.
|