[Infowarrior] - NSA to defend against hackers

[Richard Forno]

www.baltimoresun.com/news/nation/bal-te.nsa20sep20,0,7906814.story?coll=bal_
tab01_layout
baltimoresun.com
NSA to defend against hackers
Privacy fears raised as spy agency turns to systems protection

By Siobhan Gorman

Sun reporter

September 20, 2007

WASHINGTON

In a major shift, the National Security Agency is drawing up plans for a new
domestic assignment: helping protect government and private communications
networks from cyberattacks and infiltration by terrorists and hackers,
according to current and former intelligence officials.

>From electricity grids to subways to nuclear power plants, the United States
depends more than ever on Internet-based control systems that could be
manipulated remotely in a terrorist attack, security specialists say.

The plan calls for the NSA to work with the Department of Homeland Security
and other federal agencies to monitor such networks to prevent unauthorized
intrusion, according to those with knowledge of what is known internally as
the "Cyber Initiative." Details of the project are highly classified.

Director of National Intelligence Mike McConnell, a former NSA chief, is
coordinating the initiative. It will be run by the Department of Homeland
Security, which has primary responsibility for protecting domestic
infrastructure, including the Internet, current and former officials said.

At the outset, up to 2,000 people -- from the Department of Homeland
Security, the NSA and other agencies -- could be assigned to the initiative,
said a senior intelligence official who spoke on condition of anonymity.

The NSA's new domestic role would require a revision of the agency's
charter, the senior intelligence official said. Up to now, the NSA's
cyberdefense arsenal has been used to guard the government's classified
networks -- not the unclassified networks that now are the responsibility of
other federal agencies.

NSA officials declined to discuss specific programs but said cybersecurity
is a critical component of what they do.

"We have a strong history in information assurance and national security,"
said NSA spokeswoman Andrea Martino, who added that the agency will continue
to play a role in cyberdefense.

Homeland Security spokesman Russ Knocke said that "as the lead agency
responsible for assuring the security, resiliency and reliability of the
nation's information technology and communications infrastructure, our
department is working to unify further and integrate the security framework
for cyber operations throughout the federal government."

Since the existence of its warrantless domestic eavesdropping program was
revealed in 2005, the NSA and other U.S. intelligence agencies have been
mired in a controversy over domestic intelligence activities. The Homeland
Security Department recently came under fire amid Bush administration plans
to broadly expand the use of satellite imagery to assist in federal, state
and local law enforcement.

Current and former intelligence officials, including several NSA veterans,
warned that the agency's venture into domestic computer and communications
networks -- even if limited to protecting them -- could raise new privacy
concerns. To protect a network, the government must constantly monitor it.

"This will create a major uproar," predicted Ira Winkler, a former NSA
analyst who is now a cybersecurity consultant.

"If you're going to do cybersecurity, you have to spy on Americans to secure
Americans," said a former government official familiar with NSA operations.
"It would be a very major step."

A former senior NSA official said the difference between monitoring networks
in order to defend them and monitoring them to collect intelligence is very
small.

The former officials spoke on condition of anonymity to protect
relationships with intelligence agencies.

Another former NSA official said that if the government wants to prevent
cyberattacks, it makes sense to tap the agency's skills.

"I've got to be able to at least look at something to determine: Do I have a
threat or don't I have a threat?" the former NSA official said. "It's
important that you have the best thinkers with the deepest experience
working these problems on behalf of the nation."

O. Sami Saydjari, a cybersecurity consultant, said the privacy concerns are
real. He said intelligence agencies should be part of the solution, because
they have the expertise needed to develop a national cybersecurity system,
but that privacy advocates also should be part of the planning process.

Computer specialists have warned for years about cyberattacks. But experts
say efforts to guard against them have not gained momentum at the national
level, at least in part because the public envisions a cyberattack as
nothing more than a big computer crash.

Those who monitor such threats said the danger has grown as control systems
for potential terrorist targets have become increasingly connected to the
Internet.

A cyberattack could cut access to power, banking and telecommunications
systems across much of the country, said Saydjari, president of the Cyber
Defense Agency, a consulting firm.

"The hostile groups have caught on to most of the things we're worried
about," said Scott Borg, director of the U.S. Cyber Consequences Unit, a
nonprofit research institute that advises the government and the private
sector. "It's been remarkable in the last, really, two years how much all
these things that people like me have been worried about have been bit by
bit rediscovered and reinvented in the hacker world."

Potential cyberattacks are being discussed in chat rooms in languages that
include English, Arabic, Russian and Punjabi, he said. Terrorists and others
already know many of the country's vulnerabilities, Borg said, adding that
he is extremely concerned about the ability to hack into computer systems
controlling nuclear power plants.

A government task force issued a stark warning this year that the threat of
a cyberattack to U.S. infrastructure, which can be launched from a computer
anywhere in the world, is "very real and growing rapidly." In June, an
alleged Chinese hacking effort shut down e-mail in Defense Secretary Robert
M. Gates' office for several days.

Simulation exercises, such as one dubbed Dark Angel and sponsored by the
group Professionals for Cyber Defense, showed in 2003 how a cyberattack
could shut down most of the nation's power grid, Saydjari said.

There is growing interest among hackers in capturing information on "smart
cards" that allow access to buildings and critical computer systems and
using that information to gain access to the system, according to Borg.

Cybersecurity has long been an orphaned responsibility in the federal
government, with various agencies having some part in it. The NSA has
largely been left out, because its focus has been on protecting military
networks. Proposals to break off the NSA's information security branch and
assign it a broader role beyond the intelligence agencies fell flat, former
NSA officials say.

Amit Yoran, the Homeland Security Department's first chief of cybersecurity,
said in an interview that while the government has made progress, federal
efforts have been "somewhat spotty" overall.

Among the main challenges, he said, is that the Homeland Security Department
has been given responsibility for the problem but lacks the authority and
expertise to compel other agencies and the private sector to follow its
lead.

The new cybersecurity effort aims to build, in part, on an existing NSA
program, code-named Turbulence, which has had a troubled start, the senior
intelligence official said.

siobhan.gorman at baltsun.com