NSA does not want to run cybersecurity, director says |
 |
By Michael S. Mimoso, Editor, Information Security magazine
21 Apr 2009 | SearchSecurity.com |
|
|
SAN FRANCISCO -- It didn't take National Security Agency Director Lt. General Keith B. Alexander very long to lay it out there: NSA does not want to run cybersecurity for the United States government.
Instead, Alexander went to great lengths during his keynote Tuesday at the 2009 RSA Conference to push for a collaborative effort among the Department of Homeland Security, defense and intelligence agencies, U.S. allies, and even academia and private industry.
Alexander's keynote took place a day before the first public details on the 60-day cybersecurity review of federal and critical networks conducted by Melissa Hathaway are revealed. Hathway's scheduled Wednesday RSA keynote is expected to explain the need for the review and the work that went into it, though few recommendations are likely to be revealed.
Some experts, meanwhile, have been vocal about their apprehension regarding the possibility that responsibility for cybersecurity could end up with the intelligence community. Those experts are fearful the intelligence community would overstep its bounds, especially around surveillance of email and other communications.
Alexander tried to dispel reports about information collected by the agency and how it's used, instead stressing the agency's commitment to preserving civil liberties and privacy in the process.
|
| SearchSecurity.com: |
| To get security news and tips delivered to your inbox, click here to sign up for our free newsletter. |
|
|
|
|
"There are laws and rules we follow," Alexander said, pointing toward Executive Order 12333, which defines how foreign intelligence is collected, and the Foreign Intelligence Surveillance Act, which explains how intelligence is collected in the United States on foreign targets. "Yes, we have made mistakes, and when we do, we self-report to our overseers. We tell people what we did, how it happened and what we're going to do to fix it."
The game-changing issue, Alexander said, is that national security efforts, law enforcement and public safety, and the country's economic prosperity all hinge on the safety and security of the Internet. Compounding the severity of the issue are the combined cyberattacks on critical infrastructure in Estonia and Georgia that were used in conjunction with military attacks.
"Things went from cybercrime to cyberwarfare," Alexander said. "When I talk about partnerships, this is one of the things we have to take into consideration. What is our role? What is DHS's role? How do we work with industry?"
Alexander added that situational awareness in the event of a cyberattack is lacking. He said he sees NSA in a technical support role for DHS, especially in the protection of classified and national security networks. He pointed out the need to share information at network speed, and for example, getting critical antivirus signatures and vulnerability patches out not only domestically, but also to U.S. allies.
"How do we share that for the good of all?" Alexander asked. "That's a tough one because in sharing it, you're also giving out a secret."
|
|
|
|
