It wasn’t exactly surprising to read in the Wall Street Journal Wednesday in an article by Siobhan Gorman that the National Security Agency is standing electronic watch over the country’s critical infrastructure, but the news is unsettling. This evolution in our national-security policy was only a matter of time. NSA has been itching for this job, and now, it has it. But there has been almost no debate or public discussion about letting the government into a huge swath of computer networks, much less whether it’s wise or legal.
In May 2007, former intelligence director Mike McConnell—a well known cyber warrior and a former chief of NSA—struck terror in the heart of George W. Bush when he told the President that the computer systems that run banks in this country were vulnerable to cyber attack. The President had never understood the kind of damage a determined hacker, terrorist group, or nation state could cause with a sophisticated attack on US data. Bush’s response to that new knowledge was to give McConnell what he wanted: authority to use the NSA as a front-line defender of US infrastructure.
The Department of Defense had managed to protect its internal networks by limiting the number of points where it connected to the public Internet to just 18. These off-ramps connecting the Information Superhighway to DOD’s equivalent of access roads were well guarded by NSA’s electronic sentinels. NSA had developed the capability to detect the malicious signals emitted by viruses and worms that hackers launched against computers in the US. So the agency began looking for those so-called “threat signatures” as they passed through those heavily guarded 18 points. But NSA started looking for both signatures directed at the DOD’s networks and at other systems in private hands, including electrical stations and financial organizations.
In the past, NSA was content to act like a sheriff standing guard against bandits on the edge of town. Now, under Perfect Citizen, NSA is expanding to post deputies both at the border, and at the bank, saloon and brothel as well.
When I interviewed McConnell for my book, he told me that he and other officials found a way for NSA to protect private assets without breaking laws limiting the agency’s operations. The NSA could cooperate with another DOD agency with statutory authority to protect military networks, as well as with the Homeland Security Department, the only department legally allowed to work with US utilities to set up cyber defenses. Technically speaking, NSA wasn’t protecting utilities on its own, just coordinating with other organizations. But make no mistake. NSA supplied the expertise, the technology, and the personnel to do the job—all it lacked was formal control of the operations.
It’s not clear from reading Gorman’s article on Perfect Citizen whether NSA is once again only monitoring threats from abroad. We don’t know that, in large part, because there has been almost no public debate about what NSA’s role should be in cyber defense. McConnell made it clear to me that he knew the political dangers of his plan and how the headline news of a bold, new cyberinitiative would play: “NSA spies monitoring US computers for hackers.” And here we are, three years later. Will there be outrage or acquiescence?
Electric Spies
It wasn’t exactly surprising to read in the Wall Street Journal Wednesday in an article by Siobhan Gorman that the National Security Agency is standing electronic watch over the country’s critical infrastructure, but the news is unsettling. This evolution in our national-security policy was only a matter of time. NSA has been itching for this job, and now, it has it. But there has been almost no debate or public discussion about letting the government into a huge swath of computer networks, much less whether it’s wise or legal.
In May 2007, former intelligence director Mike McConnell—a well known cyber warrior and a former chief of NSA—struck terror in the heart of George W. Bush when he told the President that the computer systems that run banks in this country were vulnerable to cyber attack. The President had never understood the kind of damage a determined hacker, terrorist group, or nation state could cause with a sophisticated attack on US data. Bush’s response to that new knowledge was to give McConnell what he wanted: authority to use the NSA as a front-line defender of US infrastructure.
The Department of Defense had managed to protect its internal networks by limiting the number of points where it connected to the public Internet to just 18. These off-ramps connecting the Information Superhighway to DOD’s equivalent of access roads were well guarded by NSA’s electronic sentinels. NSA had developed the capability to detect the malicious signals emitted by viruses and worms that hackers launched against computers in the US. So the agency began looking for those so-called “threat signatures” as they passed through those heavily guarded 18 points. But NSA started looking for both signatures directed at the DOD’s networks and at other systems in private hands, including electrical stations and financial organizations.
In the past, NSA was content to act like a sheriff standing guard against bandits on the edge of town. Now, under Perfect Citizen, NSA is expanding to post deputies both at the border, and at the bank, saloon and brothel as well.
When I interviewed McConnell for my book, he told me that he and other officials found a way for NSA to protect private assets without breaking laws limiting the agency’s operations. The NSA could cooperate with another DOD agency with statutory authority to protect military networks, as well as with the Homeland Security Department, the only department legally allowed to work with US utilities to set up cyber defenses. Technically speaking, NSA wasn’t protecting utilities on its own, just coordinating with other organizations. But make no mistake. NSA supplied the expertise, the technology, and the personnel to do the job—all it lacked was formal control of the operations.
It’s not clear from reading Gorman’s article on Perfect Citizen whether NSA is once again only monitoring threats from abroad. We don’t know that, in large part, because there has been almost no public debate about what NSA’s role should be in cyber defense. McConnell made it clear to me that he knew the political dangers of his plan and how the headline news of a bold, new cyberinitiative would play: “NSA spies monitoring US computers for hackers.” And here we are, three years later. Will there be outrage or acquiescence?
More>> Capital Comment Blog | News & Politics | Party Photos
Editors' Picks
Check Out the Inspiring Personal Style (And Killer Outfits) of Nine of the Most Fashionable People in DC Right Now
Would Amazon’s HQ2 Really Be Good for Washington?
8 Day Trips to Do Every Weekend This Fall
The Man Who Sued His Trolls
Most Popular
Kavanaugh’s Character Witness Once Wrote About His Family for Washingtonian. Check Out What His Brother Wrote in to Rebut Him.
I Am Horrified That Brett Kavanaugh Used Girls From My School as a Prop
We Ate at Three of the Worst-Rated DC Restaurants on Yelp. Here’s What Happened.
The 100 Very Best Restaurants in Washington
We Are So Sorry to Tell You That the US Senate Cafeteria Is Holding a Mushroom Festival
September 2018: Style Setters
Related
There Are Still Six Confederate Memorials Around DC. How’s That Possible?
“Investment Layoff” Is a Masterpiece of Corporate Euphemism
Secret Service: Man Claimed to Be Jesus and Plotted to Kidnap One of the Obamas’ Dogs
The New York Times Thinks Its Readers Should Visit CityCenterDC. We Agree!
More from News
This New Political Board Game Is Like the DC Version of “Settlers of Catan”
Here’s How a 24-Year-Old Former House Intern Finally Got Congress to Pay Its Interns
Washingtonian Today: Supreme Court Drama, Trump Hotel Drama, Whole Foods Drama
Washingtonian Today: Once Again, Stormy