OXON HILL, Md. – More than a year after Edward Snowden leaked confidential information about the breadth of the National Security Agency's domestic intelligence-gathering, the former head of the NSA staunchly defended the agency's actions while advocating for enterprises to adopt the computing paradigm that helps keep the NSA's systems secure.
In a keynote address Tuesday at the 2014 Gartner Inc. Security & Risk Management Summit, retired U.S. Army General Keith B. Alexander, who led the NSA for nearly nine years and, since 2010, the U.S. Cyber Command as well, said the NSA's bulk metadata collection programs are vital to U.S. efforts to thwart terrorism, support U.S. military operations and ultimately keep Americans safe.
Alexander referenced the growing violence around the world, specifically citing more than 1,700 executions at the hands of the Islamic State of Iraq and Syria (ISIS), and commonplace terror events in places like Yemen, Somalia, Northern Africa, Afghanistan and Pakistan.
He also cited data from the University of Maryland, which reported that in 2013 there were more than 11,000 terror attacks around the world and more than 20,000 deaths as a result.
"It's not getting better. It's getting worse," Alexander said of global terrorism. "The deaths have almost doubled in a year, and we're going to see even greater numbers this year."
Alexander then drew a contrast between those events and the vastly better security the U.S. enjoys as a nation. While he didn't specifically say that the NSA's metadata collection programs are the reason for that relative tranquility, he said it's no coincidence.
"That's caused by people like our wounded warriors, law enforcement and the intelligence community working together to protect our country and its allies," Alexander said. "Freedom is not free."
Alexander said the leaks by Snowden, a former NSA contractor who used his insider privileges to gain access to thousands of pages of material detailing the NSA's surveillance and data-collection programs, will be devastating for the U.S. and its allies in Europe.
"Some of the things we've used, the tools, to stop terrorists in the past, they're learning from it," Alexander said, specifically referencing how, according to European intelligence agencies he did not name, the shopping mall attack in Kenya last September demonstrated how terrorists were altering their tactics to avoid alerting the NSA in the wake of the Snowden incident.
"The Westgate Mall attacks were things we didn't see coming, when in the past we had seen them," Alexander said, "so they either learned from these leaks or ironically changed their tactics right at the same time."
Alexander spent several minutes explaining in detail how, during the past year, the NSA has been vetted by everyone from the White House and Congress to the federal courts and the American Civil Liberties Union, all of which have reaffirmed that the NSA follows clearly established protocols to protect ordinary people.
"There is no evidence that the NSA used bulk data for any purpose other than identifying and disrupting terrorist attacks," Alexander said. "We have set up a framework and have a very public discussion so there is no misperception. If you have a problem with the NSA, the problem isn't actually with NSA; it's with what we've asked them to do.
"In my opinion, it's effective, it's legal and it's important," Alexander continued. "When we lose those capabilities, some of the things that we have tried to prevent are going to happen. I'd rather be in here explaining what we're doing than explain why another 9/11 occurred. These are the things we're wrestling with today, and what we'll be wrestling with for the rest of the decade."
Cloud-based thin client model enables security
Alexander also urged enterprise security professionals to adopt a computing model in which traditional "thick" client computers are replaced with thin clients that use computing power and applications provided by a central cloud-based infrastructure.
While the model may be a throwback to the underlying paradigm of decades-old mainframe systems, Alexander said he became convinced of the security superiority of this model during the NSA's work helping to secure the Department of Defense's computer network.
Through that work, Alexander said, it quickly became clear that the DoD network, with more than 15,000 different sub-networks, was simply too large and had too many distributed resources to be defended effectively.
The NSA faced similar problems, he added, noting that during much of his time leading the NSA he had three or four separate computers in his office, each of which was needed to access a separate network.
The NSA completed its transition to a cloud/thin client model near the end of his time with the agency, and Alexander said it not only improved security, but also resulted in a savings of 500 million dollars in addition to improved service.
While some may believe that architecture actually makes it easier for attackers to steal sensitive data because it all resides in one place, Alexander said today's distributed architectures, in which sensitive data commonly resides on endpoints, actually pose a far greater security risk.
"Bad guys can get in there and navigate at network speed, and sysadmins struggle to defend it… and when you try to define what's going on in the network, it's really hard to do it," Alexander said. "From my perspective, there are a lot of things we need to talk about on defensible architectures, but I think cloud computing is the way to go."