NSA seeks tighter ties to tech despite issues of data-sharing
The National Security Agency's director of information assurance said the "way to achieve confidence in cyberspace" is to increase collaboration between the government and the high-tech industry—remarks that rang ironic given former NSA contractor Edward Snowden's revelations about how NSA works with industry.
NSA documents leaked by Snowden showed that the NSA's goal is to build backdoors into commercial products and weaken encryption to make it easier for surveillance, allegations that the U.S. government has not even tried to refute. When asked about that today, NSA director of information assurance Debora Plunkett, who gave the keynote address at the New York Institute of Technology Cyber Security Conference in New York City, flatly refused to discuss the topic. But her keynote address was intended to get hardware and software vendors to work in ever-closer partnership with the NSA.
Cyberattacks that could take electricity grids offline and disrupt transportation systems are possible, Plunkett said in her keynote, pointing out the destructive attack that hit Saudi Aramco last year and impacted data systems there.
It's a simple matter to hire hacking services to carry out attacks such as denial-of-service, she said, and the fear now is of "integrity attacks" that would destroy or alter critical data. These are all "cyber security challenges," she noted, and the government today is largely dependent on commercial hardware and software for which the NSA itself cannot "provide indemnification." NSA's needs industry's help, she said.
Plunkett said "we have to have a community come together" to collaborate on security in mobility and the cloud especially. The NSA expects that the future of network security lies in "more automated cyber defense" based on "large-scale automation" that would reduce the need for manpower where there would be more real-time sharing of findings. She said there's a need for collaboration with ISPs and hardware companies to achieve all of this. "We have to build a close partnership," she said, adding, there can be "confidence in cyberspace" if "we stay the course."
Plunkett is a 29-year veteran of the NSA who worked her way up through the ranks to have a hand in guiding strategic direction for the agency, which carries out surveillance to help defend the country against cyberthreats.
But NSA documents recently leaked by Snowden show that the NSA views its partnership with industry in part as a way to subvert security in commercial products and services to make cyber-spying easier. This revelation casts NSA's call for industry partnership and its insistence that there can be "confidence in cyberspace" in a questionable light.
Other presentations made at the Cyber Security Conference suggested how cyberattacks are disrupting U.S. businesses.
Andre McGregor, FBI special agent at the New York Cyber Branch, said he has been involved in countless investigations related to cyber intrusions at both large and small companies. He said it sometimes surprised him to find that even at the largest companies, there was inadequate use of the security defense based on the technology acquired for that very purpose.
When attackers steal the most important network credentials to a network, they basically own it, and "it's their network, they're just letting you use it," McGregor said.
The FBI has had notable successes, such as bringing down the part of the Anonymous group led by the hacker known as Sabu, McGregor said. He added that Sabu was one of the smartest people he's ever seen in terms of technology. He said he wished this kind of intelligence would be better put to use to protect networks.