NSA Official: "Almost Immoral" for Government Not to Protect Companies’ Cyber Networks

Intelligence agency has "found some appalling things" when examining the security of corporate networks.

In a rare public appearance, a senior intelligence official who has worked on the front lines of securing Defense Departments computer networks said it would be “almost immoral” for the DOD to focus on protecting itself and not apply that expertise to the commercial sector. 

Speaking at a conference in Washington on Tuesday, Charles Berlin, the Director of the National Security Operations Center at the National Security Agency, said, “The mission of the Department of Defense” is not merely to protect the department. “It’s to protect America.” 

“I’ve been on the ramparts pouring boiling oil on the attackers for years,” Berlin said, referring to NSA’s efforts to repel intrusions into DOD and military networks, which have been broadly successful. But he sounded frustrated that there weren’t more ways for his agency to protect the country as a whole. “At the present time, we’re unable to defend America,” Berlin said. 

The operations center that Berlin runs is the heart of the NSA’s efforts to provide early warning about threats, including to information networks. Berlin said the NSA was looking for ways to take the skills it has developed in the government and “apply [them] to the private sector.” 

But many executives, as well as lawmakers and privacy advocates, are uneasy about the NSA, which is a military organization that spies on foreign countries and terrorists, taking on a larger role protecting private networks inside the United States. 

Currently, the Homeland Security Department, a civilian agency, has the legal authority to provide companies with warnings about cyber attacks. But much of that intelligence comes from the NSA. The agency does not work directly with all American companies. And yet, it is undoubtedly the reservoir of expertise in government for how to defend networks from potentially devastating assaults. Of particular concern to the Obama administration are threats against critical infrastructure, such as public utilities and the financial sector networks, as well as industrial espionage by hackers in China. 

“There needs to be a team effort” to protect private networks, Berlin said. He noted that the NSA had been invited to examine the networks of some companies and “found some appalling things” in how they were being run. For example, Berlin said he knew of US defense contractors doing business in China and Korea that had not taken relatively easy and practical steps to raise the defenses of their networks and protect proprietary information. That’s troubling to the NSA since defense contractors have secret government information on their networks, which makes them a frequent target of cyber spies.   

Berlin spoke at a conference sponsored by SAS, a business analytics software and services company.