It wasn’t exactly surprising to read in the Wall Street Journal Wednesday in an article by Siobhan Gorman that the National Security Agency is standing electronic watch over the country’s critical infrastructure, but the news is unsettling. This evolution in our national-security policy was only a matter of time. NSA has been itching for this job, and now, it has it. But there has been almost no debate or public discussion about letting the government into a huge swath of computer networks, much less whether it’s wise or legal.
In May 2007, former intelligence director Mike McConnell—a well known cyber warrior and a former chief of NSA—struck terror in the heart of George W. Bush when he told the President that the computer systems that run banks in this country were vulnerable to cyber attack. The President had never understood the kind of damage a determined hacker, terrorist group, or nation state could cause with a sophisticated attack on US data. Bush’s response to that new knowledge was to give McConnell what he wanted: authority to use the NSA as a front-line defender of US infrastructure.
The Department of Defense had managed to protect its internal networks by limiting the number of points where it connected to the public Internet to just 18. These off-ramps connecting the Information Superhighway to DOD’s equivalent of access roads were well guarded by NSA’s electronic sentinels. NSA had developed the capability to detect the malicious signals emitted by viruses and worms that hackers launched against computers in the US. So the agency began looking for those so-called “threat signatures” as they passed through those heavily guarded 18 points. But NSA started looking for both signatures directed at the DOD’s networks and at other systems in private hands, including electrical stations and financial organizations.
In the past, NSA was content to act like a sheriff standing guard against bandits on the edge of town. Now, under Perfect Citizen, NSA is expanding to post deputies both at the border, and at the bank, saloon and brothel as well.
When I interviewed McConnell for my book, he told me that he and other officials found a way for NSA to protect private assets without breaking laws limiting the agency’s operations. The NSA could cooperate with another DOD agency with statutory authority to protect military networks, as well as with the Homeland Security Department, the only department legally allowed to work with US utilities to set up cyber defenses. Technically speaking, NSA wasn’t protecting utilities on its own, just coordinating with other organizations. But make no mistake. NSA supplied the expertise, the technology, and the personnel to do the job—all it lacked was formal control of the operations.
It’s not clear from reading Gorman’s article on Perfect Citizen whether NSA is once again only monitoring threats from abroad. We don’t know that, in large part, because there has been almost no public debate about what NSA’s role should be in cyber defense. McConnell made it clear to me that he knew the political dangers of his plan and how the headline news of a bold, new cyberinitiative would play: “NSA spies monitoring US computers for hackers.” And here we are, three years later. Will there be outrage or acquiescence?
Electric Spies
The National Security Agency wants to make sure your lights stay on—but should we let them?
It wasn’t exactly surprising to read in the Wall Street Journal Wednesday in an article by Siobhan Gorman that the National Security Agency is standing electronic watch over the country’s critical infrastructure, but the news is unsettling. This evolution in our national-security policy was only a matter of time. NSA has been itching for this job, and now, it has it. But there has been almost no debate or public discussion about letting the government into a huge swath of computer networks, much less whether it’s wise or legal.
In May 2007, former intelligence director Mike McConnell—a well known cyber warrior and a former chief of NSA—struck terror in the heart of George W. Bush when he told the President that the computer systems that run banks in this country were vulnerable to cyber attack. The President had never understood the kind of damage a determined hacker, terrorist group, or nation state could cause with a sophisticated attack on US data. Bush’s response to that new knowledge was to give McConnell what he wanted: authority to use the NSA as a front-line defender of US infrastructure.
The Department of Defense had managed to protect its internal networks by limiting the number of points where it connected to the public Internet to just 18. These off-ramps connecting the Information Superhighway to DOD’s equivalent of access roads were well guarded by NSA’s electronic sentinels. NSA had developed the capability to detect the malicious signals emitted by viruses and worms that hackers launched against computers in the US. So the agency began looking for those so-called “threat signatures” as they passed through those heavily guarded 18 points. But NSA started looking for both signatures directed at the DOD’s networks and at other systems in private hands, including electrical stations and financial organizations.
In the past, NSA was content to act like a sheriff standing guard against bandits on the edge of town. Now, under Perfect Citizen, NSA is expanding to post deputies both at the border, and at the bank, saloon and brothel as well.
When I interviewed McConnell for my book, he told me that he and other officials found a way for NSA to protect private assets without breaking laws limiting the agency’s operations. The NSA could cooperate with another DOD agency with statutory authority to protect military networks, as well as with the Homeland Security Department, the only department legally allowed to work with US utilities to set up cyber defenses. Technically speaking, NSA wasn’t protecting utilities on its own, just coordinating with other organizations. But make no mistake. NSA supplied the expertise, the technology, and the personnel to do the job—all it lacked was formal control of the operations.
It’s not clear from reading Gorman’s article on Perfect Citizen whether NSA is once again only monitoring threats from abroad. We don’t know that, in large part, because there has been almost no public debate about what NSA’s role should be in cyber defense. McConnell made it clear to me that he knew the political dangers of his plan and how the headline news of a bold, new cyberinitiative would play: “NSA spies monitoring US computers for hackers.” And here we are, three years later. Will there be outrage or acquiescence?
More>> Capital Comment Blog | News & Politics | Party Photos
Most Popular in News & Politics
What It Felt Like for a Virginia Marching Band to Win Metallica’s Contest
Meet the 2023 Washingtonians of the Year
What’s IN and OUT in DC Restaurant Trends for 2024
Introducing 8 of DC’s Most Stylish
Washingtonian Magazine
May 2024: Great Getaways
View IssueSubscribe
Follow Us on Social
Follow Us on Social
Related
13 Major Concerts and Music Festivals in the DC Area This Spring
Mary Timony on Her Emotional New Album, “Untame the Tiger”
The Beatles in DC: A New Exhibit in Maryland Looks Back on Early Beatlemania
Northern Virginia High School Wins Metallica’s Marching Band Competition
More from News & Politics
Former Fiola GM Convicted of Murder Is Now in a Netflix Docuseries
These 5 DC Traffic Cams Are Issuing the Most Tickets Right Now
Farewell to Crystal City Underground, the DC Area’s Strangest Mall
Washington DC’s 500 Most Influential People of 2024
Inside the Urgent Effort to Preserve Black Newspapers
Maryland Has Renamed an Invasive Fish. Will It Matter?
Meet the 2024 Washington Women in Journalism Award Winners
In the Doghouse: Kristi Noem and 5 Other Canine Political Scandals