Expected Next Defense Department Boss Claims Snowden Leak A 'Huge Detriment' To US, Willing To Give Cybersecurity To FBI

from the of-course dept

It's widely expected that Ashton Carter is going to be nominated as the next Defense Secretary to replace Chuck Hagel, who recently was pushed out by President Obama. So it seemed like an opportune time to see that the latest podcast from venture capital firm Andreessen Horowitz was actually a panel discussion involving Carter and Yahoo's security boss Alex Stamos. The whole podcast is actually quite interesting: However, what struck me is that Carter actually makes a comment about Ed Snowden. In the past, Carter (who was deputy Defense Secretary -- and, remember, NSA is a part of the Defense Department), has shied away from commenting on Snowden's actions, instead focusing on the internal issues that allowed Snowden to do what he did. Here, he does more of the same, but drops in an aside about Snowden's actions causing damage:

If anyone thinks we did a good job protecting Defense networks, take a look at Edward Snowden. Whatever you think of that, it was a classic insider threat -- realized to the huge detriment of the country.

It would seem that his "whatever you think of that" is immediately negated by his "huge detriment to the country." But I'm curious as to what that huge detriment really is. So far, all we've seen is that it revealed to the public abusive practices of the NSA and its partners, widespread mass surveillance on Americans that has raised significant questions of legality and constitutionality by all three branches of government. And yet, what hasn't been shown is any harm caused by this.

Not that I'd expect a bigshot in the Defense Department to celebrate Snowden's whistleblowing, but at the very least, you'd hope that some would avoid throwing around bogus smears that don't seem to be supported by reality.

Later in the discussion there is a pretty interesting look at the state of cybersecurity issues. The big "information sharing" question is brought up, but more interesting is that Carter seems to admit that he'd be okay with the Justice Department handling cybersecurity issues, rather than the Defense Department. This is actually quite surprising. For years, we've highlighted that much of the fight within the government concerning cybersecurity legislation was really nothing more than a turf war between the Defense Department (NSA) and Homeland Security over who would get the purse strings for the massive cybersecurity budget. While Homeland Security has its problems, we'd greatly prefer a civilian agency have control over the situation, rather than a military one using its signals intelligence agency for cybersecurity (since the two goals there are clearly at odds). Carter surprisingly admits that it's something of a turf battle, but seems to indicate his comfort with a third player handling it instead: the Justice Department. In fact, he even basically notes that, contrary to what the NSA (and others in the Defense Department) have claimed in the past, the NSA really isn't that good at cybersecurity, since that's not what its job is about:

A lot of the threat information that the government collects in the counterintelligence area, counterterrorism, protect your own networks area -- some of its germane, but a lot of it is not really germane to these commercial attacks. Said differently, the government isn't collecting a lot of information about these attacks. That's thing one.

Thing two, which is less acceptable, is in this... the US federal government has still not made a decision in the manner of cyberdefense of the kind it had to make in the area of counterterrorism. Which is: is this an attack, a crime or a disaster? Now, why does that matter if it's all three? Well, if it's an attack, then you expect you defense establishment to take care of it. If it's a crime, then you expect your law enforcement establishment to take care of it. And if it's a disaster, then you expect your Homeland Security apparatus to take care of it.

So there's been this sort of three-fold struggle over this. And you add this huge layer of lawyering -- government lawyering, which is even worse -- on top of this, and you have stasis and paralysis.... Even that which is collected and could be shared is inadequately shared, because of those trivial bureaucratic [logjam]....

... I think you see Jim Comey trying to [break that logjam]. My attitude, when I was representing the Defense Department, to Jim and his predecessor Bob Mueller, my attitude was 'I'm not going to try to claim this. Go for it. And I'm 100% behind you.' I could never get Homeland Security, quite honestly. Because they had the attitude that they wanted this bureaucratically. I mean all bureaucracies want things. And they wanted this. But they didn't have the capability. Comey had the authorities and some reasonable technical capabilities. We had a lot of technical capability, but I didn't feel like we were the right people to do it.

So my attitude was, "this is a national problem, let me just get in behind Jim and tell all my bureaucrats to stuff it and stop fighting with him and trying to seize it yourself" but I never got Homeland Security to that point of view.

That's pretty interesting -- because for years the view from the outside has always been that the Defense Department was the one that was actively demanding this control. The NSA, under Keith Alexander in particular, was pretty blatant about wanting the cybersecurity mandate. If Carter is really willing to give that up, that's interesting. Though, of course, the NSA and FBI have a fairly close relationship -- and I don't see how handing this mandate over to the FBI is such a good idea either. You pretty quickly run into the same issues the NSA had (though sometimes with even less oversight).

Either way, given how much attention Carter is likely to get for his expected new role, it seems worth noting his views on these things that we discuss around these parts pretty frequently.

Filed Under: ashton carter, chuck hagel, edward snowden, nsa

US, Apparently With No Sense Of Irony, Preaching 'Openness' And 'Transparency' To Chinese

from the can't-make-this-stuff-up dept

Defense Secretary Chuck Hagel is heading to Beijing to talk with the Chinese government, and the message he's bringing to the Chinese is that (a) Americans don't do irony and (b) we're a bunch of lying hypocrites. I'm sure that will go over well. You may recall the recent revelations that the NSA (which is a part of the defense department) had hacked into Huawei -- a company that the US keeps insisting is likely used by the Chinese government to spy on people... even though it has no evidence at all to support that.

In what may be the most unintentionally hilarious article in the NY Times you'll read in a while, it discusses how Hagel and the US government are preaching openness, transparency and candor when it comes to state-level cyberattacks, sharing information on what the US is doing, and hoping that the Chinese will reciprocate. In fact, the Obama administration recently held a briefing for the Chinese government in which they discussed the US's "doctrine" for defending against cyberattacks:

The idea was to allay Chinese concerns about plans to more than triple the number of American cyberwarriors to 6,000 by the end of 2016, a force that will include new teams the Pentagon plans to deploy to each military combatant command around the world. But the hope was to prompt the Chinese to give Washington a similar briefing about the many People’s Liberation Army units that are believed to be behind the escalating attacks on American corporations and government networks.

So far, the Chinese have not reciprocated — a point Mr. Hagel plans to make in a speech at the P.L.A.’s National Defense University on Tuesday.

Note, of course, that they only discussed how the US defends against attacks, not their offensive capabilities, such as hacking into Huawei or introducing destructive malware like Stuxnet. Even so, Hagel's mantra seems to be that "transparency" is suddenly a good thing.

In Beijing, the defense secretary “is going to stress to the Chinese that we in the military are going to be as transparent as possible,” said Rear Adm. John Kirby, the Pentagon press secretary, “and we want the same openness and transparency and restraint from them.”

Of course, that's quite a different message from a year ago. As you may recall, just as the first Snowden documents were being released to the public, President Obama was scolding China for its cyberattacks. But, as the NY Times article notes:

“We clearly don’t occupy the moral high ground that we once thought we did,” said one senior administration official.

You think?

And, yet, it seems that making these hilarious claims of "openness" and "transparency" from an administration famous for its unprecedented secrecy has been drilled into Hagel's head for this trip to Beijing. Discussing a different issue -- an escalating dispute between China and Japan over some uninhabited islands -- Hagel again made a statement that reads like pure hypocrisy:

"The more transparent and open governments can be with each other, the better for everyone. That avoids miscalculation, misinterpretation, misunderstanding, and hopefully that lowers the risks of conflict."

While that statement is likely true, it seems fairly rich for the US to be out there preaching that message, while being one of the least transparent, least open US administrations ever. Last year, we wrote about how the Snowden and Manning stories basically stripped the US of its ability to hypocritically browbeat other countries, because those other countries had little to pushback on. As we noted, the way out of that was to stop being hypocritical and to actually practice openness and transparency. While, perhaps, you could argue that sharing a few details of our "cyberdefense" capabilities qualifies, that's a pretty hard sell. The US government still seems to hope that its own hypocrisies will be ignored while it preaches principles it comes nowhere close to living up to.

Filed Under: china, chuck hagel, cyberattacks, defense department, dod, openness, transparency, us