Comment: US cybersecurity posture is not purely defensive

NSA headquartersBy JOSEPH FITSANAKIS | |
In recent years, news coverage of cyberespionage and cybersecurity has increased several times over; both subjects have escaped the narrow confines of technical literature and have entered the broad expanses of popular news media. This blog is no exception; since 2008, we have covered both cybersecurity and cyberespionage at length. In looking back at our coverage, it takes but a cursory glance to conclude that most of our reports feature the names of two countries: China and –to a far lesser extent– Russia. Moreover, the vast majority of our cybersecurity and cyberespionage coverage portrays the United States as a defensive actor, trying desperately to protect the integrity of its networks from foreign hackers. But is this accurate? How realistic is it to assume that the US, the world’s leading military power, abstains from offensive cyberespionage as a matter of strategy? The most likely answer is: not very. The problem is that much of the reporting on cybersecurity is based on national allegiances. Many American media pundits thus tend to forget that Washington, too, conducts cyberespionage. Read more of this post


News you may have missed #689: NSA edition

Michael HaydenBy IAN ALLEN| |
►►Ex-NSA Director calls Stuxnet a ‘good idea’. General Michael Hayden, once head of the NSA and CIA, who was no longer in office when the Stuxnet attack on Iran occurred, but who would have been around when the computer virus was created, denies knowing who was behind it. He calls Stuxnet “a good idea”. But he also admits “this was a big idea, too. The rest of the world is looking at this and saying, ‘clearly, someone has legitimated this kind of activity as acceptable'”.
►►NSA develops secure Android phones. The US National Security Agency has developed and published details of an encrypted VoIP communications system using commercial off-the-shelf components and an Android operating system. A hundred US government employees participated in a pilot of Motorola hardware running hardened VoIP called ‘Project FISHBOWL’, NSA Information Assurance Directorate technical director Margaret Salter told the RSA Conference in San Francisco on Wednesday. “The beauty of our strategy is that we looked at all of the components, and took stuff out of the operating system we didn’t need”, said Salter. “This makes the attack surface very small”.
►►Senior US Defense official says DHS should lead cybersecurity. In the midst of an ongoing turf battle over how big a role the National Security Agency should play in securing America’s critical infrastructure, Eric Rosenbach, deputy assistant secretary of Defense for Cyber Policy in the Department of Defense, said on Wednesday that the NSA should take a backseat to the Department of Homeland Security in this regard. “Obviously, there are amazing resources at NSA, a lot of magic that goes on there”, he said. “But it’s almost certainly not the right approach for the United States of America to have a foreign intelligence focus on domestic networks, doing something that throughout history has been a domestic function”.