Cybersecurity Legislation Asked for by NSA DirectorBy: Brian Powell - September 27, 2013
On Wednesday, top cybersecurity officials and government leaders met at the Billington Cybersecurity Summit in Washington, D.C. The purpose of the summit was to discuss how the federal government can partner with contracting companies in order to best protest the nation against cyber attacks.
The keynote speaker at the event was Keith Alexander, Director of the National Security Agency (NSA). Alexander’s main push was to call upon private companies to work with the federal government to help pass legislation that would urge critical infrastructure components to provide information to the federal government when they are hacked: “What we can tell you is how they went down and how bad they were, but if we can’t work with industry, if we can’t share information with them, we can’t stop it,” stated Alexander.
Alexander emphasized the fact that he believes the NSA and federal government need “shared situational awareness” in order to be effective in providing cyber security and preventing cyber attacks:
“The answer is that nobody sees it today. We don’t have that shared situational awareness we need. So we’re developing a common operational picture. If we can’t see it, we can’t respond to it. We have to do that at network speed. We have to share what we know about those threats and they have to tell us what they see. This is where Internet service providers are critical, not just here but with our allies… We have to work with industry, because we can’t see it. Right now what happens is the attack goes on and we’re brought in after the fact. And I can guarantee you 100 percent of the time we cannot stop an attack after the fact. That legislation that we’re pushing for is absolutely important for our country.”
Besides simply asking for further cooperation between private companies and the federal government in terms of information gathering, Alexander also spent much time at the conference attempting to defend the role and actions of the NSA. Alexander stated that the ethos of the program stems from the results it has had in terms of deterring domestic terrorist attacks: “It provides us the speed and agility in crises, like the Boston Marathon tragedy in April and the threats this summer.” While Alexander went on to admit that information collected by the NSA did not help identify who was behind the attacks at the Boston Marathon, he did say that it helped ensure those in New York that the attackers were not going to strike there next.
Alexander had one more interesting statement about the effectiveness of the NSA information-gathering program: “Over 950 people were killed in Kenya, Syria, Iraq, Yemen and Afghanistan, and we’re discussing more esoteric things here. Why? Because we’ve stopped the terrorist attacks here.”
First, his numbers seem to be a little off. Only 950 people have been killed in the regional violence in those 5 combined countries? 950 in what types of attacks? Secondly, what makes Alexander believe that we have stopped the terrorists here? He openly admitted that NSA surveillance did not help capture the Boston Marathon bombers. It also apparently did not help stop the Navy Yard shooting, nor did it seemingly help to warn the Kenyans that American-based al-Shabaab terrorists were going to attack their mall.
If Alexander is going to use the premise that the NSA spying program helps deter domestic and international terrorism, perhaps he should have some concrete evidence to support his claim? Just a suggestion.
Regardless of whether or not Alexander has proper evidence, all signs point to the fact that no cyber legislation is going to pass soon. Not only is the docket in D.C. full of more pressing issues (such as the looming shutdown), there has been too much negative publicity toward the NSA due to the Edward Snowden scandal. The American people do not trust the NSA to properly gather appropriate information (and they have reason not to), and Congress is not willing to create even more negative publicity for themselves by pushing for more cybersecurity legislation: “In recent months, a perfect storm — from the Snowden leaks to subsequent domestic and international crises — enveloped comprehensive cybersecurity legislation, significantly curtailing its prospects of passage in the near future,” stated Democratic Representative Gerry Connolly.
Image via Wikimedia Commons