NSA Says Federal Cyber Strategy Needs More NSA More Often, And On The Information Sharing Ground Floor

from the cyber-me-once,-shame-on-me... dept

The NSA doesn't like the fact that it didn't get a big enough slice of the tax-dollar-grabbing cyber pie. After much discussion about which agencies would oversee what aspects of the US government's cyberwar defense systems, the NSA -- despite all of its computing power and hoarded exploits -- ended up with the unenviable task of protecting the home turf rather than engaging in more offensive maneuvers.

Currently, the NSA has responsibility for protecting U.S. government IT systems that carry classified or sensitive data — like the Department of Defense’ massive intranet known as NIPRNet.

It's a clear case of cyber envy. The DHS gets all the good stuff, including a first look at any juicy data turned over to it from the government's one-way "information sharing" program.

But the security of most civilian federal IT systems — and the private sector networks that support the functioning of vital industries like banks and telecoms — are the responsibility of DHS’ Office of Cybersecurity and Communication…

The DHS is supposed to vet and minimize this information before passing it along to federal cybersecurity partners like the NSA. The NSA, however, isn't used to seeing unminimized data. Nor is it content to hang out underneath the DHS's cybertable and wait for it to toss it a bone. So, it's proposing a revamping of the federal government's cyber strategies so that they align more closely with what the NSA apparently feels should have been done in the first place.

“I’m now firmly convinced that we need to rethink how we do cyber defense as a nation, possibly even going so far as that we unite pieces of those three organizations into one organization that does it on behalf of the whole government,” said Curtis Dukes, the NSA’s deputy national manager for national security systems.

Yeah! That's how a partnership is supposed to work: the NSA seated in the same room with the DHS and law enforcement agencies, with everyone comparing the size of their information silos. Excellent. Dukes says he might be a "bit biased" in placing the NSA on equal footing with domestic security and law enforcement agencies, but cyber lives are at stake, dammit!

Dukes said the “bad news” was, with every cyber intrusion becoming a potential crime scene, meaning the FBI had to be involved, and with the DHS in charge, “as we orchestrate across those three department and agencies what we find is that we’re suboptimal and by the time we actually respond to an intrusion, it takes hours to days and by then in cyber time, the adversary has already met their objective.”

Figuring out under whose authorities an incident response should be run meant giving the enemy a head start, he said. “By the time we fill out the paperwork that would allow NSA to provide assistance, it’s typically days to a week before we can actually respond,” he added.

Wonderful. Exigent circumstances but for domestic snooping.

The NSA wants first access to private sector communications and data because the current method takes too long to get the data into the NSA's hands. That's the pitch. Never mind the fact that the NSA is supposed to be an intelligence service tasked with collecting FOREIGN communications and data. Never mind the fact that the agency exploited post-9/11 terrorism fears to become a domestic surveillance agency that turned the Third Party Doctrine into a loophole to be exploited in bulk. Never mind that it simply makes more sense to route domestic security-related data to the the domestic agencies (DHS, FBI, etc.) for several reasons, not the least of which are (at least) two Constitutional amendments (First, Fourth).

But there you have it: the NSA is lobbying for first peek at shared data from US companies, and it's claiming its only interest is better cybersecurity. And it's making this pitch while glossing over the fact that it is not -- and never has been -- a domestic law enforcement agency. Somehow, it still feels it's entitled to act like one and engage in even more domestic snooping.

Filed Under: cybersecurity, dhs, doj, fbi, nsa, surveillance


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    TheResidentSkeptic (profile), 24 Oct 2016 @ 5:58am

    Not how it's done guys...

    The very statement:
    "By the time we fill out the PAPERWORK..."
    is absolute proof of their level of competence in the realm of "cyber".

    reply to this | link to this | view in chronology ]

  • icon
    Designerfx (profile), 24 Oct 2016 @ 8:26am

    NSA is not exactly beneficial

    The NSA doesn't exactly provide benefit - they are a detriment, so why would we want that hot garbage being focused on hamstringing our own country?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2016 @ 8:55am

    Viewed through rose-colored glasses

    We absolutely want the NSA reclassified as a domestic law enforcement agency, because then they'll start obeying laws that constrain domestic agencies not to engage in unlawful surveillance.

    reply to this | link to this | view in chronology ]

  • identicon
    Michael, 24 Oct 2016 @ 9:25am

    it takes hours to days and by then in cyber time, the adversary has already met their objective.

    "cyber time"? Is that like "cat years"? We are supposed to reorganize our law enforcement and foreign surveillance agencies because time keeps speeding up and slowing down or something?

    reply to this | link to this | view in chronology ]

  • identicon
    Capt ICE Enforcer, 24 Oct 2016 @ 10:55am

    Great NSA

    Good thing the NSA was able to defend the internet from a massive attack last week. Oh wait, they didn't help.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Oct 2016 @ 11:45am

      Re: Great NSA

      Good thing the NSA was able to defend the internet from a massive attack last week. Oh wait, they didn't help.

      Of course not. They finished filling out the paperwork for it late Friday, and within a week or so, they should have approval to help.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2016 @ 11:28am

    Typo: isn't used to seeing unminimized

    Shouldn't this be "isn't used to seeing minimized data?"

    I'd say "Or 'is used to seeing unminimized data,'" but that wouldn't fit in with the "Nor" that begins the next sentence.

    reply to this | link to this | view in chronology ]

  • identicon
    SpaceLifeForm, 24 Oct 2016 @ 3:36pm

    More retro-cover

    They are already doing that
    which they claim they need to
    do via control of routing traffic
    overseas and back.

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 24 Oct 2016 @ 4:55pm

    Of course the fox should be on a panel regarding henhouse security, it has so much experience

    But there you have it: the NSA is lobbying for first peek at shared data from US companies, and it's claiming its only interest is better cybersecurity. And it's making this pitch while glossing over the fact that it is not -- and never has been -- a domestic law enforcement agency.

    Also glossing over the fact that when it comes to 'better cybersecurity' they are decidedly adversarial to everyone that's not them, up to and including the US public, meaning even if they were a domestic aimed agency it would still be a terrible idea.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2016 @ 4:57pm

    And lo, the seas rose by another inch that day on account of Whatever's ravenous salivation.

    reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 24 Oct 2016 @ 10:34pm

    Just remember kids, horrible things could happen from these attacks...
    And they're more concerned with who gets top billing in the story than stopping the horrible things.

    All of them are unsuited & unfit for this work. They are all extensions of bloated bureaucracy who think if they waste more of your money paying another corporations who promises the moon but delivers temps who spend their day surfing porn sites.

    They are more concerned with the funding than the actual problems. Grabbing up more headlines for sham operations while trying to cover up their giant failures to see the real plots.

    reply to this | link to this | view in chronology ]

  • icon
    orbitalinsertion (profile), 24 Oct 2016 @ 11:09pm

    NSA harder?

    reply to this | link to this | view in chronology ]

  • identicon
    Stosh, 25 Oct 2016 @ 12:37pm

    "Currently, the NSA has responsibility for protecting U.S. government IT systems that carry classified or sensitive data"

    Systems with requirements for 17 character random passwords, ensuring that every password is available on a sticky note underneath every keyboard...

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.