NSA Says Federal Cyber Strategy Needs More NSA More Often, And On The Information Sharing Ground Floor
from the cyber-me-once,-shame-on-me... dept
The NSA doesn’t like the fact that it didn’t get a big enough slice of the tax-dollar-grabbing cyber pie. After much discussion about which agencies would oversee what aspects of the US government’s cyberwar defense systems, the NSA — despite all of its computing power and hoarded exploits — ended up with the unenviable task of protecting the home turf rather than engaging in more offensive maneuvers.
Currently, the NSA has responsibility for protecting U.S. government IT systems that carry classified or sensitive data — like the Department of Defense’ massive intranet known as NIPRNet.
It’s a clear case of cyber envy. The DHS gets all the good stuff, including a first look at any juicy data turned over to it from the government’s one-way “information sharing” program.
But the security of most civilian federal IT systems — and the private sector networks that support the functioning of vital industries like banks and telecoms — are the responsibility of DHS’ Office of Cybersecurity and Communication…
The DHS is supposed to vet and minimize this information before passing it along to federal cybersecurity partners like the NSA. The NSA, however, isn’t used to seeing unminimized data. Nor is it content to hang out underneath the DHS’s cybertable and wait for it to toss it a bone. So, it’s proposing a revamping of the federal government’s cyber strategies so that they align more closely with what the NSA apparently feels should have been done in the first place.
“I’m now firmly convinced that we need to rethink how we do cyber defense as a nation, possibly even going so far as that we unite pieces of those three organizations into one organization that does it on behalf of the whole government,” said Curtis Dukes, the NSA’s deputy national manager for national security systems.
Yeah! That’s how a partnership is supposed to work: the NSA seated in the same room with the DHS and law enforcement agencies, with everyone comparing the size of their information silos. Excellent. Dukes says he might be a “bit biased” in placing the NSA on equal footing with domestic security and law enforcement agencies, but cyber lives are at stake, dammit!
Dukes said the “bad news” was, with every cyber intrusion becoming a potential crime scene, meaning the FBI had to be involved, and with the DHS in charge, “as we orchestrate across those three department and agencies what we find is that we’re suboptimal and by the time we actually respond to an intrusion, it takes hours to days and by then in cyber time, the adversary has already met their objective.”
Figuring out under whose authorities an incident response should be run meant giving the enemy a head start, he said. “By the time we fill out the paperwork that would allow NSA to provide assistance, it’s typically days to a week before we can actually respond,” he added.
Wonderful. Exigent circumstances but for domestic snooping.
The NSA wants first access to private sector communications and data because the current method takes too long to get the data into the NSA’s hands. That’s the pitch. Never mind the fact that the NSA is supposed to be an intelligence service tasked with collecting FOREIGN communications and data. Never mind the fact that the agency exploited post-9/11 terrorism fears to become a domestic surveillance agency that turned the Third Party Doctrine into a loophole to be exploited in bulk. Never mind that it simply makes more sense to route domestic security-related data to the the domestic agencies (DHS, FBI, etc.) for several reasons, not the least of which are (at least) two Constitutional amendments (First, Fourth).
But there you have it: the NSA is lobbying for first peek at shared data from US companies, and it’s claiming its only interest is better cybersecurity. And it’s making this pitch while glossing over the fact that it is not — and never has been — a domestic law enforcement agency. Somehow, it still feels it’s entitled to act like one and engage in even more domestic snooping.
Filed Under: cybersecurity, dhs, doj, fbi, nsa, surveillance
Comments on “NSA Says Federal Cyber Strategy Needs More NSA More Often, And On The Information Sharing Ground Floor”
Not how it's done guys...
The very statement:
“By the time we fill out the PAPERWORK…”
is absolute proof of their level of competence in the realm of “cyber”.
NSA is not exactly beneficial
The NSA doesn’t exactly provide benefit – they are a detriment, so why would we want that hot garbage being focused on hamstringing our own country?
Viewed through rose-colored glasses
We absolutely want the NSA reclassified as a domestic law enforcement agency, because then they’ll start obeying laws that constrain domestic agencies not to engage in unlawful surveillance.
it takes hours to days and by then in cyber time, the adversary has already met their objective.
"cyber time"? Is that like "cat years"? We are supposed to reorganize our law enforcement and foreign surveillance agencies because time keeps speeding up and slowing down or something?
Great NSA
Good thing the NSA was able to defend the internet from a massive attack last week. Oh wait, they didn’t help.
Re: Great NSA
Of course not. They finished filling out the paperwork for it late Friday, and within a week or so, they should have approval to help.
Typo: isn't used to seeing unminimized
Shouldn’t this be "isn’t used to seeing minimized data?"
I’d say "Or ‘is used to seeing unminimized data,’" but that wouldn’t fit in with the "Nor" that begins the next sentence.
More retro-cover
They are already doing that
which they claim they need to
do via control of routing traffic
overseas and back.
Of course the fox should be on a panel regarding henhouse security, it has so much experience
But there you have it: the NSA is lobbying for first peek at shared data from US companies, and it’s claiming its only interest is better cybersecurity. And it’s making this pitch while glossing over the fact that it is not — and never has been — a domestic law enforcement agency.
Also glossing over the fact that when it comes to ‘better cybersecurity’ they are decidedly adversarial to everyone that’s not them, up to and including the US public, meaning even if they were a domestic aimed agency it would still be a terrible idea.
And lo, the seas rose by another inch that day on account of Whatever’s ravenous salivation.
Just remember kids, horrible things could happen from these attacks…
And they’re more concerned with who gets top billing in the story than stopping the horrible things.
All of them are unsuited & unfit for this work. They are all extensions of bloated bureaucracy who think if they waste more of your money paying another corporations who promises the moon but delivers temps who spend their day surfing porn sites.
They are more concerned with the funding than the actual problems. Grabbing up more headlines for sham operations while trying to cover up their giant failures to see the real plots.
NSA harder?
“Currently, the NSA has responsibility for protecting U.S. government IT systems that carry classified or sensitive data”
Systems with requirements for 17 character random passwords, ensuring that every password is available on a sticky note underneath every keyboard…