NSA to Become Government Net 'Traffic Cop?'
OriginalArlen writes "The NSA may be appointed 'Internet traffic cop', overseeing data sharing among US government agencies for Homeland Security, according to an A.P. report on SecurityFocus. Apparently the aim is to improve security of all government networks." This would seem to follow in the footsteps of creating the Department of Homeland Security, since the aim is to enable better sharing of data between government institutions.
I'll karma whore and help you out at the same time...
The article:
White House may make NSA the 'traffic cop' over U.S. computer networks
By Ted Bridis, The Associated Press Feb 14 2005 1:28PM
The Bush administration is considering making the National Security Agency -- famous for eavesdropping and code breaking -- its "traffic cop" for ambitious plans to share homeland security information across government computer networks, a senior NSA official says.
Such a decision would expand NSA's responsibility to help defend the complex network of data pipelines carrying warnings and other sensitive information. It would also require significantly more money for the ultra-secret spy agency.
The NSA's director for information assurance, Daniel G. Wolf, was expected to outline his agency's potential role during a speech Wednesday at the RSA technology conference in San Francisco. In an interview preceding his speech, Wolf told The Associated Press that computer networks at U.S. organizations are like medieval castles, each protected by different-size walls and moats.
As the U.S. government moves increasingly to share sensitive security information across agencies, weaknesses inside one department can become opportunities for outsiders to penetrate the entire system, Wolf warned. Attackers could steal sensitive information or deliberately spread false information.
"If someone isn't working on being a traffic cop, giving guidance on how secure they need to be, a risk that is taken by one castle is really shared by other castles," Wolf said. "Who's defining the standards? Who says how high the walls should be?"
The NSA already helps protect systems deemed vital to the nation's security, such as those involved in intelligence, cryptography and weapons. Wolf said the administration is considering whether to designate its fledgling information-sharing efforts also under the NSA's purview.
The White House Office of Management and Budget currently directs efforts by civilian agencies to secure their computer networks.
The NSA's information security programs are highly regarded among experts. "Bring it on. This clearly ought to be done," said Paul Kurtz, a former White House cybersecurity adviser and head of the Washington-based Cyber Security Industry Alliance, a trade group. "This will raise the bar across the federal government to a far more secure infrastructure."
Congress has directed the NSA and the Department of Homeland Security to study the architecture and policies of computers for sharing sensitive homeland security information.
In the latest blueprint for U.S. intelligence spending, lawmakers warned that attackers always search for weak links and that connecting distant systems "will further increase the vulnerability of networks that originally were developed to be substantially isolated from one another."
It's unclear how the NSA's efforts would affect private companies, which own and operate many of the electrical, water, banking and other systems vital to government. Wolf said the agency already works to secure such systems important to military installations, but he denied that NSA would have any new regulatory authority over private computers.
"When we talk about being the traffic cop, we're not in charge of these networks," Wolf said. "We're not running these networks."
It also was unclear how much the effort might cost.
"If you're going to have a network that everyone in government can get into, that means some agencies are going to have to come up to meet new, higher standards, and that's expensive," said James Lewis, director of technology policy at the Center for Strategic and International Studies, a conservative think-tank.
You have that backwards. The NSA monitors communications going in and out of the United States. The CIA is the foreign spy network. They're the ones monitoring foreign countries.
I'm all for NSA making these classified networks more secure.
"I never could come to grips with creating a Department of Homeland Security when we already had a National Security Agency."
The National Security Agency's mandate is nothing at all like DHS's. Not even similar. If you thought about this for three seconds more, you would have also realized that NSA cannot, by law, conduct surveillance on US citizens or on US territory. This would prevent them from doing criminal investigations of any sort, wouldn't it?
This is basically akin to asking why we need the FBI when we have the CIA. The organizations have the same general goal (protect the citizens of the United States), but are supposed to be doing two entirely different things.
-Erwos
Plausible conjecture should not be misrepresented as proof positive.
I never could come to grips with creating a Department of Homeland Security when we already had a National Security Agency. It seems more like Bush had more out-of-work friends than he had positions to appoint them to.
This is not interesting, this is a political troll. DHS focuses strictly on what its name says: domestic stuff. The NSA, traditionally, is tasked with listening in on those international communications that would imply threats to our interests. The NSA happens to be the best technical match (in terms of expertise and capacity) for helping to secure inter-agency networking, specifically to help keep that info from being cracked. It's a good fit.
On a side note, has anyone else heard that the entrance to the DHS building is in an alley, and the entire office space is about as big as the lobby of the CIA HQ?
That's mostly myth, of course. But the real point is that the CIA's Virginia HQ is a place where thousands of people actually perform analysis and publishing work. The DHS people are more supervisory, and coordinate the domestic security work that's done elsewhere (say, at the TSA).
Don't disappoint your bird dog. Go to the range.
Not really. If you read the 9/11 Commission Report it's pretty clear that the communications were pretty fouled up. It wasn't clear until after flight 93 went down how many aircraft had been hijacked, and what was being done about it.
Best Slashdot Co
There's No Such Agency.
When did the future switch from being a promise to a threat? -C. Palahniuk
While the information made it to decision makers in some form, acting on every threat would be impractical. How many other reports did decision makers get that turned out to be invalid? Hindsight is always much clearer.
As for data sharing, the problem isn't technical; rather, it's a policy issue. "It's reorganizing leadership." - Leadership can be blamed, but it's not only at the top level as your statement about "The president did nothing about it." indicates. Each agency tends to consider their "secrets" to be more important than other agencies' "secrets". Many people are responsible at various levels in the intelligence gathering process and placing blame on a single person, the president in your case, is not realistic. Many of the policies to protect information have been in place for quite a bit of time. DHS has the task of breaking down these barriers and will hopefully lead to better communication, but even with that, determining which threats are truly credible will still be a judgement call at various levels.
That's because you don't understand what NSA does.
"The National Security Agency (NSA) is a United States government agency responsible for both the collection and analysis of message communications, and for the security of government communications against similar agencies elsewhere. It is a part of the Department of Defense. Its eavesdropping brief includes radio broadcasting, both from organizations and individuals, the Internet, and other intercepted forms of communication, especially confidential communications. Its secure communications brief includes military, diplomatic, and all other sensitive, confidential or secret government communications."
http://en.wikipedia.org/wiki/NSA
"The United States Department of Homeland Security (DHS) is a Cabinet department of the federal government of the United States that is concerned with protecting the American homeland and the safety of American citizens. This department was created primarily from a conglomeration of existing federal agencies in response to the terrorist attacks of September 11, 2001."
http://en.wikipedia.org/wiki/United_States_Department_of_Homeland_Security
Office of the Secretary
Directorate of Border and Transportation Security
Transportation Security Administration
U.S. Customs and Border Protection
U.S. Immigration and Customs Enforcement
Federal Law Enforcement Training Center
Directorate of Emergency Preparedness and Response
Federal Emergency Management Agency
Directorate of Information Analysis and Infrastructure Protection
National Cyber Security Division
Directorate of Science and Technology
U.S. Citizenship and Immigration Services
U.S. Coast Guard
U.S. Secret Service
You are wrong, the NSA's first goal is to break enemy cyphers, but a strong second goal is to keep our own cyphers secure. Witness the tweak to the DES sbox selection, it made DES more secure against a class of attacks that the civilian sector wouldn't reinvent for several decades. It makes sense to have your people that know the most about security and breaking into secure systems establish the practices for other agencies to follow, now having them actually enforce said policies is another matter. It might lead to hostility as well as turf wars between the NSA and other branches of the security sector.
Finally, from their own mission statement page.
The Information Assurance mission provides the solutions, products, and services, and conducts defensive information operations, to achieve information assurance for information infrastructures critical to U.S. national security interests.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
I'd say that making sure the government communications are secure is part of the NSA's job.
They usually screen the ciphers to be used so they are secure enough (like DES and AES).
Also SELinux (although it started as a semi-independent project) seems to show that security is indeed part of its task. They made SELinux to make a point about the need for mandatory controls, and to make others adopt MAC, enhancing security in the process.
They probably develop ciphers and hardware for government use, too. Although I have no data on that, it is known that GCHQ (the British counterpart of the NSA) worked on public key encryption taking a security point of view (instead of an attacker's POV), that can be seen on J. H. Ellis' paper (PDF link). Nice reading material BTW. Very easy to understand even for nontechnical people and IMHO very insightful.
GPG 0x1B479C78
I know some folks who work in the IAD (Information Assurance Directorate) at the NSA, and rest assured they are VERY smart and VERY geeky. All of them love ST:TNG. As far as I know (I have no clearance), they do threat and vulnerability assessment, and these guys have Penetration Testing teams that make anyone else look like script kiddies.
Excuse my nitpicking, but you probably mean Cryptography and Cryptanalysis, which together form the field of Cryptology.
a) US citizen
b) Known permanent resident alien
c) Unincorporated association substantially composed of US citizens or resident aliens
d) Corporation if it is incorporated in the US and not directed or controlled by a foreign government.
The NSA is not allowed to collect on any of those entities; see Executive Order 12333 and USSID 18. Of course, there are exceptions, which keep getting broader and more numerous. But if you're a US citizen, you can be reasonably sure that the NSA is not collecting on you.
Just because you sold your soul to the devil that needn't make you a teetotaler. --The Devil and Daniel Webster
Correction to parent post:
"NSA did not have jurisdiction to spy on USA
citizens on USA soil."
That is why the ECHELON project was started.
The British spy on USA citizens, the USA spies
on Canadian citizens, the Canadians spy on the
Australian citizens, and the Australians spy on
the British citizens (or some other variation
thereof). That way, no one country can be
charged directly with spying on its own citizens,
but all the information goes into the black bag.
Today, however, the USA has the USA Patriot Act,
so the government can do what it damn well wants,
when it wants, and how it wants. This is also
why the Intelligence Reform law places more (and
new) powers for domestic surveillance in the
hands of the Department of Defense (rather than
the FBI). Because Dubya & Co can get away with it,
and because that is the way "Rummy" likes it.
Besides, both the CIA and the NSA have been using
a portion of their undisclosed funding to buy up
US shell companies as fronts for aggregating
their domestic footprint. CEOs are ex-military,
ex-intelligence, or ex-government types who have
regularly crossed the "Chinese Wall" between
government and commercial ventures. This is
part of what President Dwight Eisenhower warned
the public about 45 years ago regarding the
military-industrial complex.
If you don't like it, try teleporting into one
of the other dimensions, because that is the way
it is, and even your vote will not get you any
reprieve from this reality.