NSA backlash undermines ‘Star Wars’ US web defence

Plan to screen internet traffic against cyber attacks unlikely to progress, officials say

NSA director Gen Keith Alexander: championed web defence system plan


Even while rapidly expanding its electronic surveillance around the world, the United States National Security Agency (NSA) has lobbied inside the government to deploy the equivalent of a “Star Wars” defence system for US computer networks, designed to intercept cyber attacks before they could cripple power plants, banks or financial markets.

But administration officials say the plan, championed by Gen Keith B Alexander, director of the NSA and head of the Pentagon’s cyber command, has virtually no chance of moving forward given the backlash against the agency over the recent disclosures about its surveillance programmes.

Senior NSA officials say much of the technology needed to filter malicious software, known as malware, by searching incoming messages for signs of programmes designed to steal data, or attack banks or energy firms, is strikingly similar to the technology the NSA already uses for surveillance.

“The plan was always a little vague, at least as Keith described it, but today it may be Snowden’s biggest single victim,” one senior intelligence official said, referring to whistleblower Edward Snowden, the former NSA contractor who released documents revealing details of many of the agency’s surveillance programmes.

“Whatever trust was there is now gone,” the official added. “I mean, who would believe the NSA when it insists it is blocking Chinese attacks but not using the same technology to read your email?”

Information flows
Last week, the NSA reported for the first time that it “touches about 1.6 per cent” of all the traffic carried on the internet each day. In a statement, it said it closely examines only a tiny fraction of that information. But Gen Alexander’s plan would put the agency, or internet service providers (ISPs) acting on its behalf, in the position of examining a far larger percentage of the world’s information flows.

Under this proposal, the government would latch into the giant “data pipes” that feed the largest ISPs in the US, companies such as AT&T and Verizon. The huge volume of traffic that runs through those pipes, particularly emails, would be scanned for signs of anything coming from computer servers known for attacks on the US or for stealing information from American companies. Other metadata would be inspected for evidence of malicious software.

“It’s defence at network speed,” Gen Alexander told a Washington security-research group recently, according to participants. “Because you have only milliseconds.”

This summer, the NSA has begun assembling scores of new cyber “offence” and “defence” teams, the agency’s most concrete step toward preparing the Pentagon and intelligence agencies for a new era of computer conflict. Erecting a national cyber defence is a key element of that plan. At an interagency meeting that discussed the flood of cyber attacks directed daily at US networks, from Chinese efforts to steal corporate secrets to Iranian efforts to cripple financial institutions, Gen Alexander said: “I can’t defend the country until I’m into all the networks,” according to other officials present.

The appeal of such a programme is its apparent simplicity: the worst malware could be blocked before it reaches companies, universities or individual users, many of whom may be using outdated virus protection or none at all. Normal commercial virus programmes are always running days, or weeks, behind the latest attacks – and the protection depends on users loading the latest versions on their computers.

The government has been testing a model for a national defence against cyber attack with major defence contractors including Lockheed Martin, Boeing and Raytheon. Early results were disappointing but participants in the programme – the details of which are classified – say they are getting significantly improved results. Each company in the defence industrial base programme now shares data on the kinds of attacks it is seeing, anonymously, with other participating companies.

But for the NSA, which is building a target list of servers used by the most aggressive cyber attackers, monitoring all internet traffic would also be an intelligence bonanza. It would give it a real-time way to watch servers around the world and focus more quickly on those it suspects are the breeding ground for governments or private hackers preparing attacks.

Even before the Snowden revelations, Gen Alexander had encountered opposition. Top officials of the department of homeland security, which is responsible for domestic defence of the internet, said NSA monitoring would overly militarise the US’s approach to defending the internet, rather than making sure users took the primary responsibility for protecting their systems.

Congressional approval
It appears unlikely that, with the administration divided and facing a backlash against the NSA in Congress, any proposal for a formal plan for national cyber defence will be submitted soon. Members of the House and Senate intelligence committees said Gen Alexander’s plan would almost certainly require congressional approval.

That is a fight the White House is not interested in having while it struggles to get a much more modest cyber security Bill through Congress after years of arguments over privacy concerns and corporate US fears that Washington will dictate how companies protect data and how much they must spend on new defences. The Bill failed last year, and passage this year appears in doubt. – (New York Times)