Brian Snow (September 5, 1943 – December 4, 2022) served in the U.S. National Security Agency from 1971 to 2006, including a six-year term as Technical Director of the Information Assurance Directorate (IAD), which is the defensive arm of the NSA, charged with protecting U.S. information security. During his time in research management positions in the NSA, he played a key role in promoting a more open and collaborative relationship between the Agency and the broader community of security professionals.

Brian Snow
NationalityAmerican
OccupationComputer scientist

Career

edit

In his early career Snow was a mathematics professor at Ohio University, where he helped develop the college's computer science department. In 1971 he started working at the NSA. During the 1970s and 1980s he designed cryptographic components and secure systems. Several cryptographic systems employed by the U.S. government and military have used his algorithms for such purposes as nuclear command and control, tactical voice communications, and network security.[1] As a technical person with high managerial responsibilities,

...he advised senior management on the strengths and shortfalls of the technology they were using, as well as identifying emerging technologies, spotting technical gaps or risks in new systems and services, and identifying old products for withdrawal from service.[2]

ECC and AES

edit

Neal Koblitz and Alfred Menezes have written that Snow was a strong supporter of the transition from RSA to Elliptic Curve Cryptography (ECC) as a public key cryptographic technology:

...ECC started to get strong support from the NSA's Information Assurance Directorate (IAD) during the time when Snow was the technical director and Mike Jacobs was the head of IAD. There has never been any evidence -- in the reports on the Snowden documents or anywhere else -- of any actions by Snow and Jacobs or their researchers that would weaken or undermine cryptographic standards. On the contrary, during that period IAD cooperated with other sectors in pushing for strong security. This was consistent with IAD's mission as the defensive arm of the NSA. (The offensive arm, called SIGINT, is another matter.)[3]

Cybersecurity policy expert Susan Landau attributes the NSA's harmonious collaboration with industry and academia in the selection of the Advanced Encryption Standard (AES) in 2000 — and the Agency's support for the choice of a strong encryption algorithm designed by Europeans rather than by Americans — in part to Snow, who represented the NSA as cochairman of the Technical Working Group for the AES competition.[4]: 75 

After the terrorist attacks of 11 September 2001, the NSA believed that it had public support for a dramatic expansion of its surveillance activities.[2] According to Koblitz and Menezes, the period when the NSA was a trusted partner with academia and industry in the development of cryptographic standards came to an end when, as part of the change in the NSA in the post-September 11 era, Snow was replaced as Technical Director and could no longer effectively oppose proposed actions by the offensive arm of the NSA:

In 2002 Brian Snow was moved from the technical directorship of IAD to a different position within the NSA that had high status but little influence, particularly with regard to actions that were being proposed by SIGINT; Mike Jacobs retired from the NSA the same year.[5]

Code of ethics

edit

In Snow's last years at the NSA before his retirement in 2006, along with Clinton Brooks he led a group that drew up a draft ethics code for intelligence officers.[6]

After retiring from the NSA, Snow worked as a security and ethics consultant. He was a member of the U.S. National Academy of Sciences Committee on Future Research Goals and Directions for Foundational Science in Cybersecurity. He also served on the advisory board of The Calyx Institute[1]

Recognition

edit

In 2019 Brian Snow was inducted into the National Cyber Security Hall of Fame.[7]

References

edit
  1. ^ a b "The Calyx Institute: Privacy by design for everyone" (PDF). Retrieved 9 April 2018.
  2. ^ a b Curtis, Sophie (13 November 2014). "Ex-NSA technical chief: How 9/11 created the surveillance state". The Daily Telegraph.
  3. ^ Koblitz, Neal; Menezes, Alfred J. (2016), "A riddle wrapped in an enigma", IEEE Security & Privacy, 14 (6): 34–42, doi:10.1109/MSP.2016.120, S2CID 2310733
  4. ^ Landau, Susan (2015), "NSA and Dual EC_DRBG: Deja vu all over again?", The Mathematical Intelligencer, 37 (4): 72–83, doi:10.1007/s00283-015-9543-z, S2CID 124392006
  5. ^ Koblitz, Neal; Menezes, Alfred J. (2016), "A riddle wrapped in an enigma", IEEE Security & Privacy, 14 (6): 34–42, doi:10.1109/MSP.2016.120, S2CID 2310733 Footnote 9 in the full version, see "A riddle wrapped in an enigma" (PDF). Retrieved 12 April 2018.
  6. ^ Snow, Brian; Brooks, Clinton (2009), "Privacy and security: An ethics code for U.S. intelligence officers", Communications of the ACM, 52 (8): 30–32, doi:10.1145/1536616.1536630, S2CID 20179319
  7. ^ "Cyber Security Hall of Fame 2019 Inductees". Retrieved 11 April 2019.