NSA Ill-Suited For Domestic Cybersecurity Role

Hugh Pickens writes "Former CIA counterterrorism analyst Stephen Lee has an interesting article in the Examiner asserting that the National Security Agency is 'a secretive, hidebound culture incapable of keeping up with innovation,' with a history of disregard for privacy and civil liberties. Lee says that for most of its sixty-year history, the NSA has been geared to cracking telecom and crypto gear produced by Soviet and Chinese design bureaus, but at the end of the cold war became 'stymied by new-generation Western-engineered telephone networks and mobile technologies that were then spreading like wildfire in the developing world and former Soviet satellite countries.' When the NSA finally recognized that it needed to get better at innovation, it launched several mega-projects, tagged like 'Trailblazer' and 'Groundbreaker,' that have been spectacular failures, costing US taxpayers billions. More recently, the NY Times reported that the NSA has been breaking rules set by the Obama administration to peer even more aggressively into American citizens' phone traffic and email inboxes. Whistleblower reports portray NSA domestic eavesdropping programs as unprofessional and poorly supervised, with intercept technicians ridiculing and mishandling recordings of citizens' private 'pillow talk' conversations. Lee concludes that 'if the Federal government must play a role, then Congress and President Obama should turn to another agency without a record of creating mistrust — perhaps even a new entity. Meanwhile, NSA should focus on listening in on America's enemies, instead of being an enemy of Americans and their enterprises.'"

why NSA shouldn't be used for defense

[SethJohnson]

The problem with the NSA is that it is part of the intelligence structure. If you insert them as a defensive player, more often than not, they will take absolutely NO action in order to protect their spying capabilities.

At present, nobody knows exactly what the reach is of the NSA. Nobody knows what they can and can't hear. If you task them with defending assets, each probe or attack reveals new information about what the NSA has at their disposal, depending on what the response is. I really don't think the NSA is willing to compromise the secrecy of its capabilities in order to thwart hackers.

Seth

Shrink 'em

[Anonymous Coward]

Here's an idea: if the NSA has gotten to the point that even the White House or Congress can't control them, cut off their funding altogether and wish their employees good luck finding jobs. Create a new, much smaller NSA that has the authority to do one thing and only one thing: handle security for other government agencies, such as setting minimum standards for TOP SECRET transmission.

Re:Good Luck with That

[Narpak]

I always thought the Americans loved bureaucracy and redundancy. Police, FBI, US Marshall's, NSA, Homeland Security, CIA (and probably others that haven't yet been depicted in a major motion picture); I am sure their money is well spent funding all these agencies; especially those with overlapping jurisdictions.

Re:Like who?

[Panaflex]

There's a reason they operate in total secrecy - the information the NSA gathers is largely useless for domestic security purposes. But for commercial, political and legal purposes that information could be a deadly weapon.

They're administered by the DOD. Unlike civilian operations, such as the FBI, NSA personnel very face real consequences for leaking information to the public. I don't know of any agency that has maintained such a degree of secrecy.

How would you propose we protect such information, when operating under a civilian agency? How would you prevent such an agency and its personnel from being swayed under political influence, bribery and corruption, while operating in an open environment?

I'm totally open to any credible suggestions - I just don't know how you can dig through trillions of personal & commercial messages, keep it all safe, and fund it without building a duplicate of the current NSA.

SELinux anyone?

[Suzuran]

I don't see the CIA contributing any code to us.

If the CIA wants the NSA to stay out of domestic security, I say they can prove it by putting their programmers where their mouth is. All I'm seeing from my point of view is the NSA doing a lot of contributing and the CIA doing a lot of bitching.

Re:We want a competent domestic spying agency?

[Deanalator]

That's not the complaint at all. If we had an agency actually geared for domestic cyber security, in theory, they would be able to crack down on NSA agents that have far over-reached their duties. I think it would be nice to have an agency more modeled after the FDA etc, auditing corporate networks the way FDA audits new food/drug products that are coming on to the market. If a company fails an audit, they receive a large fine, and just like the FDA does with research labs, companies need to be ready to be audited at any time. Any company with a business license and an Internet presence should be required to adhere at least to a minimum set of best practices.

Re:NSA more innovative than the DoD

[Brian Stretch]

the National Security Agency is 'a secretive, hidebound culture incapable of keeping up with innovation,

Yeah, right. That's why the NSA-proprietary software actually works and the rest of the DoD is "innovating" by wasting billions of dollars on contractor-developed software that doesn't work. Maybe he thinks innovation means cutting off USB ports like the Army has done?

And Lee just happens to work (or have worked) for such contractors. Gee, what a coincidink...