SurveillanceNSA revelations hobble pursuit of a comprehensive cyberdefense initiative
NSA director General Keith Alexander has proposed a digital version of Ronald Reagan’s space-based Star Wars missile defense program, which Reagan unveiled in 1983. In Alexander’s vision, when a cyberattack is launched at the United States, the defense system would intercept and thwart the attack before it caused any damage. Intercepting a cyberattack would require the NSA to tap, track, and scan all cyber traffic entering the United States. The technology needed to intercept cyberattacks, however, is strikingly similar to the technology the NSA uses for the types of surveillance Snowden exposed. Post-Snowden, it is doubtful that the administration would pursue a comprehensive cyberdefense initiative, or that lawmakers would accept it.
Edward Snowden’s revelation of the NSA PRISM program may have dealt a blow to the agency’s effort to establish a digital defense program which would prevent cyber attacks on the United States.
The New York Times reports that NSA director General Keith Alexander proposed a digital version of Ronald Reagan’s space-based Star Wars missile defense program, which Reagan unveiled in 1983. In Alexander’s vision, when a cyberattack is launched at the United States, the defense system would intercept and thwart the attack before it caused any damage. Intercepting the cyberattack would require the NSA to tap, track, and scan all cyber traffic entering the United States. The technology needed to intercept cyberattacks, however, is strikingly similar to the technology the NSA uses for the types of surveillance Snowden exposed.
Administration officials say the plan has virtually no chance of moving forward given the public outcry over recent disclosures about the NSA programs. “The plan was always a little vague, at least as Keith described it, but today it may be Snowden’s biggest single victim,” one senior intelligence official said, referring to Snowden’s revelations. “Whatever trust was there is now gone,” the official added. “I mean, who would believe the N.S.A. when it insists it is blocking Chinese attacks but not using the same technology to read your e-mail?”
The NSA has reported that the agency “touches about 1.6 percent” of all Internet communication, most in the form of e-mails, and that the agency closely examines only a fraction of the available information. General Alexander’s cyberdefense plan would, however, extend the agency’s access to a much larger range of communication. The proposal calls for the NSA to scan traffic that runs through communication pipes from the largest Internet service providers, companies like AT&T and Verizon. “It’s defense at network speed,” General Alexander told a Washington security-research group recently, according to participants. “Because you have only milliseconds.”
At the meeting, which discussed issues such as the wave of daily cyberattacks directed American networks, Chinese efforts to steal corporate secrets, and the Iranian efforts to undermine and disrupt U.S. financial institutions, General Alexander said: “I can’t defend the country until I’m into all the networks.”The program’s ability to block malware before it reaches businesses, individuals, and critical infrastructure has appeal to some Americans. Most antivirus programs used in universities, companies, and by individuals are outdated, slow to respond to attacks, or require constant uploads of latest versions and updates. The NSA has been testing a model for a defense against cyberattacks with major defense contractors including Lockheed Martin, Boeing, and Raytheon. While results were at first disappointing, participants in the highly classified program are seeing improvements. With the Obama administration divided, and faced with a backlash against the NSA in Congress, a formal plan for national cyberdefense is unlikely to be submitted soon. What is certain is further discussion about the U.S. preparedness for cyberattacks and how far Americans are willing to recalibrate the balance between privacy and security.