It wasn’t exactly surprising to read in the Wall Street Journal Wednesday in an article by Siobhan Gorman that the National Security Agency is standing electronic watch over the country’s critical infrastructure, but the news is unsettling. This evolution in our national-security policy was only a matter of time. NSA has been itching for this job, and now, it has it. But there has been almost no debate or public discussion about letting the government into a huge swath of computer networks, much less whether it’s wise or legal.
In May 2007, former intelligence director Mike McConnell—a well known cyber warrior and a former chief of NSA—struck terror in the heart of George W. Bush when he told the President that the computer systems that run banks in this country were vulnerable to cyber attack. The President had never understood the kind of damage a determined hacker, terrorist group, or nation state could cause with a sophisticated attack on US data. Bush’s response to that new knowledge was to give McConnell what he wanted: authority to use the NSA as a front-line defender of US infrastructure.
The Department of Defense had managed to protect its internal networks by limiting the number of points where it connected to the public Internet to just 18. These off-ramps connecting the Information Superhighway to DOD’s equivalent of access roads were well guarded by NSA’s electronic sentinels. NSA had developed the capability to detect the malicious signals emitted by viruses and worms that hackers launched against computers in the US. So the agency began looking for those so-called “threat signatures” as they passed through those heavily guarded 18 points. But NSA started looking for both signatures directed at the DOD’s networks and at other systems in private hands, including electrical stations and financial organizations.
In the past, NSA was content to act like a sheriff standing guard against bandits on the edge of town. Now, under Perfect Citizen, NSA is expanding to post deputies both at the border, and at the bank, saloon and brothel as well.
When I interviewed McConnell for my book, he told me that he and other officials found a way for NSA to protect private assets without breaking laws limiting the agency’s operations. The NSA could cooperate with another DOD agency with statutory authority to protect military networks, as well as with the Homeland Security Department, the only department legally allowed to work with US utilities to set up cyber defenses. Technically speaking, NSA wasn’t protecting utilities on its own, just coordinating with other organizations. But make no mistake. NSA supplied the expertise, the technology, and the personnel to do the job—all it lacked was formal control of the operations.
It’s not clear from reading Gorman’s article on Perfect Citizen whether NSA is once again only monitoring threats from abroad. We don’t know that, in large part, because there has been almost no public debate about what NSA’s role should be in cyber defense. McConnell made it clear to me that he knew the political dangers of his plan and how the headline news of a bold, new cyberinitiative would play: “NSA spies monitoring US computers for hackers.” And here we are, three years later. Will there be outrage or acquiescence?
Electric Spies
It wasn’t exactly surprising to read in the Wall Street Journal Wednesday in an article by Siobhan Gorman that the National Security Agency is standing electronic watch over the country’s critical infrastructure, but the news is unsettling. This evolution in our national-security policy was only a matter of time. NSA has been itching for this job, and now, it has it. But there has been almost no debate or public discussion about letting the government into a huge swath of computer networks, much less whether it’s wise or legal.
In May 2007, former intelligence director Mike McConnell—a well known cyber warrior and a former chief of NSA—struck terror in the heart of George W. Bush when he told the President that the computer systems that run banks in this country were vulnerable to cyber attack. The President had never understood the kind of damage a determined hacker, terrorist group, or nation state could cause with a sophisticated attack on US data. Bush’s response to that new knowledge was to give McConnell what he wanted: authority to use the NSA as a front-line defender of US infrastructure.
The Department of Defense had managed to protect its internal networks by limiting the number of points where it connected to the public Internet to just 18. These off-ramps connecting the Information Superhighway to DOD’s equivalent of access roads were well guarded by NSA’s electronic sentinels. NSA had developed the capability to detect the malicious signals emitted by viruses and worms that hackers launched against computers in the US. So the agency began looking for those so-called “threat signatures” as they passed through those heavily guarded 18 points. But NSA started looking for both signatures directed at the DOD’s networks and at other systems in private hands, including electrical stations and financial organizations.
In the past, NSA was content to act like a sheriff standing guard against bandits on the edge of town. Now, under Perfect Citizen, NSA is expanding to post deputies both at the border, and at the bank, saloon and brothel as well.
When I interviewed McConnell for my book, he told me that he and other officials found a way for NSA to protect private assets without breaking laws limiting the agency’s operations. The NSA could cooperate with another DOD agency with statutory authority to protect military networks, as well as with the Homeland Security Department, the only department legally allowed to work with US utilities to set up cyber defenses. Technically speaking, NSA wasn’t protecting utilities on its own, just coordinating with other organizations. But make no mistake. NSA supplied the expertise, the technology, and the personnel to do the job—all it lacked was formal control of the operations.
It’s not clear from reading Gorman’s article on Perfect Citizen whether NSA is once again only monitoring threats from abroad. We don’t know that, in large part, because there has been almost no public debate about what NSA’s role should be in cyber defense. McConnell made it clear to me that he knew the political dangers of his plan and how the headline news of a bold, new cyberinitiative would play: “NSA spies monitoring US computers for hackers.” And here we are, three years later. Will there be outrage or acquiescence?
More>> Capital Comment Blog | News & Politics | Party Photos
Editors' Picks
20 People, Phenomena and Trends to Watch in Washington in 2019
Meet Britt McHenry, the Fox News Star for Millennials
Washingtonian’s Best Longreads of 2018
These Badass Bluegrass Sisters Ruled DC’s Honky-Tonk Bars
Most Popular in News
Childish Gambino and Lil Wayne Will Headline This Year’s Broccoli City Festival
Meet Britt McHenry, the Fox News Star for Millennials
Porn Viewership Spikes in DC After Government Shutdown
These Quick Getaways Will Make You Forget DC’s Cold, Gray Winter
2019 Women’s March: When It’s Happening, How to Get There, Where to Warm Up
January 2019: Winter in Washington
Related
There Are Still Six Confederate Memorials Around DC. How’s That Possible?
“Investment Layoff” Is a Masterpiece of Corporate Euphemism
Secret Service: Man Claimed to Be Jesus and Plotted to Kidnap One of the Obamas’ Dogs
The New York Times Thinks Its Readers Should Visit CityCenterDC. We Agree!
More from News
Childish Gambino and Lil Wayne Will Headline This Year’s Broccoli City Festival
Washingtonian Today: Suborn Kind of Fellow
2019 Women’s March: When It’s Happening, How to Get There, Where to Warm Up
Porn Viewership Spikes in DC After Government Shutdown
I Attended the Women’s March in 2017. Here’s Why This Year’s Feels Different.
Washingtonian Today: Chuck Schumer Goes on Twitter To Discuss…Cardi B?
Generation Z Is About to Hit DC. Here’s What Employers Need to Know.
Pranksters Hand Out Washington Post Parody Near White House