It wasn’t exactly surprising to read in the Wall Street Journal Wednesday in an article by Siobhan Gorman that the National Security Agency is standing electronic watch over the country’s critical infrastructure, but the news is unsettling. This evolution in our national-security policy was only a matter of time. NSA has been itching for this job, and now, it has it. But there has been almost no debate or public discussion about letting the government into a huge swath of computer networks, much less whether it’s wise or legal.
In May 2007, former intelligence director Mike McConnell—a well known cyber warrior and a former chief of NSA—struck terror in the heart of George W. Bush when he told the President that the computer systems that run banks in this country were vulnerable to cyber attack. The President had never understood the kind of damage a determined hacker, terrorist group, or nation state could cause with a sophisticated attack on US data. Bush’s response to that new knowledge was to give McConnell what he wanted: authority to use the NSA as a front-line defender of US infrastructure.
The Department of Defense had managed to protect its internal networks by limiting the number of points where it connected to the public Internet to just 18. These off-ramps connecting the Information Superhighway to DOD’s equivalent of access roads were well guarded by NSA’s electronic sentinels. NSA had developed the capability to detect the malicious signals emitted by viruses and worms that hackers launched against computers in the US. So the agency began looking for those so-called “threat signatures” as they passed through those heavily guarded 18 points. But NSA started looking for both signatures directed at the DOD’s networks and at other systems in private hands, including electrical stations and financial organizations.
In the past, NSA was content to act like a sheriff standing guard against bandits on the edge of town. Now, under Perfect Citizen, NSA is expanding to post deputies both at the border, and at the bank, saloon and brothel as well.
When I interviewed McConnell for my book, he told me that he and other officials found a way for NSA to protect private assets without breaking laws limiting the agency’s operations. The NSA could cooperate with another DOD agency with statutory authority to protect military networks, as well as with the Homeland Security Department, the only department legally allowed to work with US utilities to set up cyber defenses. Technically speaking, NSA wasn’t protecting utilities on its own, just coordinating with other organizations. But make no mistake. NSA supplied the expertise, the technology, and the personnel to do the job—all it lacked was formal control of the operations.
It’s not clear from reading Gorman’s article on Perfect Citizen whether NSA is once again only monitoring threats from abroad. We don’t know that, in large part, because there has been almost no public debate about what NSA’s role should be in cyber defense. McConnell made it clear to me that he knew the political dangers of his plan and how the headline news of a bold, new cyberinitiative would play: “NSA spies monitoring US computers for hackers.” And here we are, three years later. Will there be outrage or acquiescence?
More>> Capital Comment Blog | News & Politics | Party Photos
Electric Spies
It wasn’t exactly surprising to read in the Wall Street Journal Wednesday in an article by Siobhan Gorman that the National Security Agency is standing electronic watch over the country’s critical infrastructure, but the news is unsettling. This evolution in our national-security policy was only a matter of time. NSA has been itching for this job, and now, it has it. But there has been almost no debate or public discussion about letting the government into a huge swath of computer networks, much less whether it’s wise or legal.
In May 2007, former intelligence director Mike McConnell—a well known cyber warrior and a former chief of NSA—struck terror in the heart of George W. Bush when he told the President that the computer systems that run banks in this country were vulnerable to cyber attack. The President had never understood the kind of damage a determined hacker, terrorist group, or nation state could cause with a sophisticated attack on US data. Bush’s response to that new knowledge was to give McConnell what he wanted: authority to use the NSA as a front-line defender of US infrastructure.
The Department of Defense had managed to protect its internal networks by limiting the number of points where it connected to the public Internet to just 18. These off-ramps connecting the Information Superhighway to DOD’s equivalent of access roads were well guarded by NSA’s electronic sentinels. NSA had developed the capability to detect the malicious signals emitted by viruses and worms that hackers launched against computers in the US. So the agency began looking for those so-called “threat signatures” as they passed through those heavily guarded 18 points. But NSA started looking for both signatures directed at the DOD’s networks and at other systems in private hands, including electrical stations and financial organizations.
In the past, NSA was content to act like a sheriff standing guard against bandits on the edge of town. Now, under Perfect Citizen, NSA is expanding to post deputies both at the border, and at the bank, saloon and brothel as well.
When I interviewed McConnell for my book, he told me that he and other officials found a way for NSA to protect private assets without breaking laws limiting the agency’s operations. The NSA could cooperate with another DOD agency with statutory authority to protect military networks, as well as with the Homeland Security Department, the only department legally allowed to work with US utilities to set up cyber defenses. Technically speaking, NSA wasn’t protecting utilities on its own, just coordinating with other organizations. But make no mistake. NSA supplied the expertise, the technology, and the personnel to do the job—all it lacked was formal control of the operations.
It’s not clear from reading Gorman’s article on Perfect Citizen whether NSA is once again only monitoring threats from abroad. We don’t know that, in large part, because there has been almost no public debate about what NSA’s role should be in cyber defense. McConnell made it clear to me that he knew the political dangers of his plan and how the headline news of a bold, new cyberinitiative would play: “NSA spies monitoring US computers for hackers.” And here we are, three years later. Will there be outrage or acquiescence?
More>> Capital Comment Blog | News & Politics | Party Photos
Must-Reads
Take Our Restaurant Survey and You Could Win Dinner at a Mike Isabella Restaurant
10 Fall Festivals Near DC That You Don’t Want to Miss
Washingtonian’s Great Places to Work Application
DC is Getting an All-Male Burlesque Brunch
September 2016: How to Dress in DC
More from News & Politics
Photos and Scenes From the African American History Museum’s Opening Day
How History Museums Around the US Have Presented the African American Experience
Frederick Could Be an Urban Suburb of DC–Unless Its Good Ol’ Boy Past Gets in Its Way
Road Closures, Traffic Detours, and Security Information for the African American History Museum Opening
FDR Defended His Dog During a Campaign Speech in DC
DC’s Most Popular Baby Names Over the Years
How One Writer Told the Story of the New African American History Museum
The National Archives Just Released These GIFs of Old-Time DC—and They’re Awesome
Most Popular
100 Very Best Restaurants
The Best Cheap Restaurants in Washington, DC
Here’s What Happens When You Order Wine by the Spoon at the Trump Hotel
Meet 10 Washingtonians Who Are Changing What It Means to Dress Well in DC
Barton Gellman Hits Washington Post’s “Passive Aggressive Critique” of Its Own Snowden Reporting