[ISN] NSA to defend against hackers

From: InfoSec News (alerts@private)
Date: Sun Sep 23 2007 - 23:56:51 PDT


http://www.baltimoresun.com/news/nation/bal-te.nsa20sep20,0,7906814.story

By Siobhan Gorman  
Sun reporter    
September 20, 2007 

WASHINGTON - In a major shift, the National Security Agency is drawing 
up plans for a new domestic assignment: helping protect government and 
private communications networks from cyberattacks and infiltration by 
terrorists and hackers, according to current and former intelligence 
officials.

 From electricity grids to subways to nuclear power plants, the United 
States depends more than ever on Internet-based control systems that 
could be manipulated remotely in a terrorist attack, security 
specialists say.

The plan calls for the NSA to work with the Department of Homeland 
Security and other federal agencies to monitor such networks to prevent 
unauthorized intrusion, according to those with knowledge of what is 
known internally as the "Cyber Initiative." Details of the project are 
highly classified.

Director of National Intelligence Mike McConnell, a former NSA chief, is 
coordinating the initiative. It will be run by the Department of 
Homeland Security, which has primary responsibility for protecting 
domestic infrastructure, including the Internet, current and former 
officials said.

At the outset, up to 2,000 people -- from the Department of Homeland 
Security, the NSA and other agencies -- could be assigned to the 
initiative, said a senior intelligence official who spoke on condition 
of anonymity.

The NSA's new domestic role would require a revision of the agency's 
charter, the senior intelligence official said. Up to now, the NSA's 
cyberdefense arsenal has been used to guard the government's classified 
networks -- not the unclassified networks that now are the 
responsibility of other federal agencies.

NSA officials declined to discuss specific programs but said 
cybersecurity is a critical component of what they do.

"We have a strong history in information assurance and national 
security," said NSA spokeswoman Andrea Martino, who added that the 
agency will continue to play a role in cyberdefense.

Homeland Security spokesman Russ Knocke said that "as the lead agency 
responsible for assuring the security, resiliency and reliability of the 
nation's information technology and communications infrastructure, our 
department is working to unify further and integrate the security 
framework for cyber operations throughout the federal government."

Since the existence of its warrantless domestic eavesdropping program 
was revealed in 2005, the NSA and other U.S. intelligence agencies have 
been mired in a controversy over domestic intelligence activities. The 
Homeland Security Department recently came under fire amid Bush 
administration plans to broadly expand the use of satellite imagery to 
assist in federal, state and local law enforcement.

Current and former intelligence officials, including several NSA 
veterans, warned that the agency's venture into domestic computer and 
communications networks -- even if limited to protecting them -- could 
raise new privacy concerns. To protect a network, the government must 
constantly monitor it.

"This will create a major uproar," predicted Ira Winkler, a former NSA 
analyst who is now a cybersecurity consultant.

"If you're going to do cybersecurity, you have to spy on Americans to 
secure Americans," said a former government official familiar with NSA 
operations. "It would be a very major step."

A former senior NSA official said the difference between monitoring 
networks in order to defend them and monitoring them to collect 
intelligence is very small.

The former officials spoke on condition of anonymity to protect 
relationships with intelligence agencies.

Another former NSA official said that if the government wants to prevent 
cyberattacks, it makes sense to tap the agency's skills.

"I've got to be able to at least look at something to determine: Do I 
have a threat or don't I have a threat?" the former NSA official said. 
"It's important that you have the best thinkers with the deepest 
experience working these problems on behalf of the nation."

O. Sami Saydjari, a cybersecurity consultant, said the privacy concerns 
are real. He said intelligence agencies should be part of the solution, 
because they have the expertise needed to develop a national 
cybersecurity system, but that privacy advocates also should be part of 
the planning process.

Computer specialists have warned for years about cyberattacks. But 
experts say efforts to guard against them have not gained momentum at 
the national level, at least in part because the public envisions a 
cyberattack as nothing more than a big computer crash.

Those who monitor such threats said the danger has grown as control 
systems for potential terrorist targets have become increasingly 
connected to the Internet.

A cyberattack could cut access to power, banking and telecommunications 
systems across much of the country, said Saydjari, president of the 
Cyber Defense Agency, a consulting firm.

"The hostile groups have caught on to most of the things we're worried 
about," said Scott Borg, director of the U.S. Cyber Consequences Unit, a 
nonprofit research institute that advises the government and the private 
sector. "It's been remarkable in the last, really, two years how much 
all these things that people like me have been worried about have been 
bit by bit rediscovered and reinvented in the hacker world."

Potential cyberattacks are being discussed in chat rooms in languages 
that include English, Arabic, Russian and Punjabi, he said. Terrorists 
and others already know many of the country's vulnerabilities, Borg 
said, adding that he is extremely concerned about the ability to hack 
into computer systems controlling nuclear power plants.

A government task force issued a stark warning this year that the threat 
of a cyberattack to U.S. infrastructure, which can be launched from a 
computer anywhere in the world, is "very real and growing rapidly." In 
June, an alleged Chinese hacking effort shut down e-mail in Defense 
Secretary Robert M. Gates' office for several days.

Simulation exercises, such as one dubbed Dark Angel and sponsored by the 
group Professionals for Cyber Defense, showed in 2003 how a cyberattack 
could shut down most of the nation's power grid, Saydjari said.

There is growing interest among hackers in capturing information on 
"smart cards" that allow access to buildings and critical computer 
systems and using that information to gain access to the system, 
according to Borg.

Cybersecurity has long been an orphaned responsibility in the federal 
government, with various agencies having some part in it. The NSA has 
largely been left out, because its focus has been on protecting military 
networks. Proposals to break off the NSA's information security branch 
and assign it a broader role beyond the intelligence agencies fell flat, 
former NSA officials say.

Amit Yoran, the Homeland Security Department's first chief of 
cybersecurity, said in an interview that while the government has made 
progress, federal efforts have been "somewhat spotty" overall.

Among the main challenges, he said, is that the Homeland Security 
Department has been given responsibility for the problem but lacks the 
authority and expertise to compel other agencies and the private sector 
to follow its lead.

The new cybersecurity effort aims to build, in part, on an existing NSA 
program, code-named Turbulence, which has had a troubled start, the 
senior intelligence official said.


__________________________________________________________________      
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com



This archive was generated by hypermail 2.1.3 : Mon Sep 24 2007 - 00:12:05 PDT