NSA Director Says More Domestic Surveillance Might Stop Foreign Hacking; Fails To Explain Why NSA Isn't Stopping Much Foreign Hacking
from the what-if-we-just-did-the-thing-we-already-do-but-not-through-the-back-door dept
Never let a good crisis go to waste. The federal government is always on the lookout for expansion opportunities and a bad actor known colloquially as “Current Events” keeps handing the government what it’s looking for.
On January 6th, a bunch of Trump fans, who thought it was possible to overturn certified election results, raided the Capitol building. Five people, including a Capitol police officer, died during the attack. This horrific event was turned into a chance to increase domestic surveillance by the incoming president, who threatened Americans with the sort of good time they’ve been afflicted with since October 26, 2001.
Domestic terrorism legislation was an administration “priority,” something that would free investigative and intelligence agencies to turn their surveillance programs inward and more directly target US citizens.
The blockbuster breach of widely-used SolarWinds network software affected dozens of federal agencies and millions of users around the world. In response to this travesty, the director of the NSA and its military counterpart CYBERCOM (Cyber Command) floated the idea of allowing the NSA (and others) to gaze inwardly at the country’s moving (computer) parts. Here’s Spencer Ackerman, writing for The Daily Beast:
“We truly need to look at the ability for us to see ourselves and right now it’s difficult for us to see ourselves,” [General Paul] Nakasone testified on Thursday to the Senate Armed Services Committee. Adversaries like China and Russia “are operating with increased sophistication, scope [and] scale,” including operations that can end “before a warrant can be issued,” he warned.
“If we have a problem where we only see our adversaries when they operate outside of their country and we don’t see them when they operate inside our country it’s very difficult for us to be able to—to, as I say, connect those dots,” Nakasone said. “That’s something that—that the administration and obviously, others are addressing right now.”
The NSA thinks it doesn’t have enough visibility. And it’s true, information sharing has long been an intergovernmental problem. Information sharing between the government and private companies has also been less than ideal, largely due to the fact that the government demands more than it’s willing to share — and that includes known exploits and bugs it’s currently using to engage in worldwide surveillance.
What Nakasone is suggesting sounds like domestic surveillance of private networks to potentially thwart attacks and root out persistent threats. That doesn’t sound much like America though. And there’s no reason to believe the NSA and DoD are better qualified to do this job than the private sector. The NSA and others have suffered their own security breaches and carelessly handled sensitive tools/information. Giving up privacy (and some security) for nominal gains in “visibility” would be a really bad idea.
For what it’s worth, the NSA quickly walked back Nakasone’s statement… at least as much as it could. It claimed its director was not “advocating” for “additional authorities.” That may be true, but dropping this hint in Congressional testimony is a handy way to submit a P.O. for a larger Overton Window for the NATSEC corner office.
But, more to the point, Nakasone’s testimony did not contain anything that should give anyone confidence the NSA is up to the task of thwarting foreign cyberthreats.
Nakasone did not testify that NSA or CYBERCOM was able to detect malicious campaigns like SolarWinds or Microsoft Exchange abroad before they entered American digital infrastructure, making it questionable whether expanding such detection across the domestic internet would be effective.
Hindsight is 20/20. Foresight appears to be almost nonexistent, even with the tech tools the NSA has at its disposal. If it couldn’t mitigate the damage before it turned federal agencies into unwitting honeypots for data exfiltration (and that includes the supposed securers of the Homeland, the Department of Homeland Security and its cybersecurity branch), it shouldn’t be given all-access passes to domestic networks under the theory that it might be able to do marginally better with greater “visibility.”