NSA Says Federal Cyber Strategy Needs More NSA More Often, And On The Information Sharing Ground Floor
from the cyber-me-once,-shame-on-me... dept
The NSA doesn't like the fact that it didn't get a big enough slice of the tax-dollar-grabbing cyber pie. After much discussion about which agencies would oversee what aspects of the US government's cyberwar defense systems, the NSA -- despite all of its computing power and hoarded exploits -- ended up with the unenviable task of protecting the home turf rather than engaging in more offensive maneuvers.
Currently, the NSA has responsibility for protecting U.S. government IT systems that carry classified or sensitive data — like the Department of Defense’ massive intranet known as NIPRNet.
It's a clear case of cyber envy. The DHS gets all the good stuff, including a first look at any juicy data turned over to it from the government's one-way "information sharing" program.
But the security of most civilian federal IT systems — and the private sector networks that support the functioning of vital industries like banks and telecoms — are the responsibility of DHS’ Office of Cybersecurity and Communication…
The DHS is supposed to vet and minimize this information before passing it along to federal cybersecurity partners like the NSA. The NSA, however, isn't used to seeing unminimized data. Nor is it content to hang out underneath the DHS's cybertable and wait for it to toss it a bone. So, it's proposing a revamping of the federal government's cyber strategies so that they align more closely with what the NSA apparently feels should have been done in the first place.
“I’m now firmly convinced that we need to rethink how we do cyber defense as a nation, possibly even going so far as that we unite pieces of those three organizations into one organization that does it on behalf of the whole government,” said Curtis Dukes, the NSA’s deputy national manager for national security systems.
Yeah! That's how a partnership is supposed to work: the NSA seated in the same room with the DHS and law enforcement agencies, with everyone comparing the size of their information silos. Excellent. Dukes says he might be a "bit biased" in placing the NSA on equal footing with domestic security and law enforcement agencies, but cyber lives are at stake, dammit!
Dukes said the “bad news” was, with every cyber intrusion becoming a potential crime scene, meaning the FBI had to be involved, and with the DHS in charge, “as we orchestrate across those three department and agencies what we find is that we’re suboptimal and by the time we actually respond to an intrusion, it takes hours to days and by then in cyber time, the adversary has already met their objective.”
Figuring out under whose authorities an incident response should be run meant giving the enemy a head start, he said. “By the time we fill out the paperwork that would allow NSA to provide assistance, it’s typically days to a week before we can actually respond,” he added.
Wonderful. Exigent circumstances but for domestic snooping.
The NSA wants first access to private sector communications and data because the current method takes too long to get the data into the NSA's hands. That's the pitch. Never mind the fact that the NSA is supposed to be an intelligence service tasked with collecting FOREIGN communications and data. Never mind the fact that the agency exploited post-9/11 terrorism fears to become a domestic surveillance agency that turned the Third Party Doctrine into a loophole to be exploited in bulk. Never mind that it simply makes more sense to route domestic security-related data to the domestic agencies (DHS, FBI, etc.) for several reasons, not the least of which are (at least) two Constitutional amendments (First, Fourth).
But there you have it: the NSA is lobbying for first peek at shared data from US companies, and it's claiming its only interest is better cybersecurity. And it's making this pitch while glossing over the fact that it is not -- and never has been -- a domestic law enforcement agency. Somehow, it still feels it's entitled to act like one and engage in even more domestic snooping.
Filed Under: cybersecurity, dhs, doj, fbi, nsa, surveillance
Reader Comments
Not how it's done guys...
"By the time we fill out the PAPERWORK..." is absolute proof of their level of competence in the realm of "cyber".
NSA is not exactly beneficial
Viewed through rose-colored glasses
it takes hours to days and by then in cyber time, the adversary has already met their objective.
"cyber time"? Is that like "cat years"? We are supposed to reorganize our law enforcement and foreign surveillance agencies because time keeps speeding up and slowing down or something?
Great NSA
Re: Great NSA
Of course not. They finished filling out the paperwork for it late Friday, and within a week or so, they should have approval to help.
Typo: isn't used to seeing unminimized
Shouldn't this be "isn't used to seeing minimized data?"
I'd say "Or 'is used to seeing unminimized data,'" but that wouldn't fit in with the "Nor" that begins the next sentence.
More retro-cover
which they claim they need to do via control of routing traffic overseas and back.
Of course the fox should be on a panel regarding henhouse security, it has so much experience
But there you have it: the NSA is lobbying for first peek at shared data from US companies, and it's claiming its only interest is better cybersecurity. And it's making this pitch while glossing over the fact that it is not -- and never has been -- a domestic law enforcement agency.
Also glossing over the fact that when it comes to 'better cybersecurity' they are decidedly adversarial to everyone that's not them, up to and including the US public, meaning even if they were a domestic aimed agency it would still be a terrible idea.
And they're more concerned with who gets top billing in the story than stopping the horrible things.
All of them are unsuited & unfit for this work. They are all extensions of bloated bureaucracy who think if they waste more of your money paying another corporation who promises the moon but delivers temps who spend their day surfing porn sites.
They are more concerned with the funding than the actual problems. Grabbing up more headlines for sham operations while trying to cover up their giant failures to see the real plots.
Systems with requirements for 17 character random passwords, ensuring that every password is available on a sticky note underneath every keyboard...