Crossroads Blog | CYBER SECURITY LAW AND POLICY

cyber attack, Cyber Exploitation, Legislation

Cybersecurity Legislation Should Force U.S. Government To Listen Less And Speak More: The Atlantic

On March 15th, 2012, Jason Healey wrote for The Atlantic on the NSA's role in defending the private sector against cyberattacks.  Noting that the private sector is on the front lines of a cyberwar, Healey believes that the private sector "needs the capabilities of the US government" in order to defend itself against Chinese backed cyberespionage.  Moreover, the NSA clearly has the most cyber-expertise in the US government, so it would be best suited to helping the private sector.  In this vein, the NSA had envisioned an arrangment where it would monitor the computer networks of critical infrastructure providers. 

However, the Obama administration denied the NSA's push for private sector monitoring.  According to Healey, this denial, in conjunction with the NSA's black eye over warrantless intercepts, makes NSA monitoring of private networks unlikely.

Even so, Healy suggested that the NSA could still help the private sector by giving up its "crown jewels": its "classified database of 'signatures' of malicious software."  Malware signatures are an identifier; they allow cybersecurity defenses to flag incoming cyberattacks and stop them.  The private sector could make use of the signatures to better defend against cyberattacks.

Granted, the NSA might be concerned about compromising its collection sources.  However, the article noted that "most of these signatures protect little but bureaucratic inertia", and quoted Gen. Michael Hayden as saying "This stuff is overprotected."

Healey went on to propose a number of ways the NSA could share the signatures.  Check out The Atlantic article for more.

***

While we're here…

James Bamford wrote a fascinating article for Wired on the NSA's new spy palace, the country's "biggest spy center."

2 Comments

  1. Park

    The idea that a closer relationship between government and industry will help improve cyber security is absurd. Slap on a name like NSA and everyone things they are dealing with geniuses. I have spent years in this field solving real world security problems and doing research in vulnerabilities. In my opinion, the best way to address these issues, particularly in SCADA systems, is not to write laws inserting the government into the private supply chain. A more effective solution is to make senior executives in SCADA systems personally accountable for damage to people and private property that results from their failure to apply best practices in security.

  2. Park

    The idea that a closer relationship between government and industry will help improve cyber security is absurd. Slap on a name like NSA and everyone things they are dealing with geniuses. I have spent years in this field solving real world security problems and doing research in vulnerabilities. In my opinion, the best way to address these issues, particularly in SCADA systems, is not to write laws inserting the government into the private supply chain. A more effective solution is to make senior executives in SCADA systems personally accountable for damage to people and private property that results from their failure to apply best practices in security.

Leave a Reply

cyber attack, Cyber Exploitation, Legislation

Cybersecurity Legislation Should Force U.S. Government To Listen Less And Speak More: The Atlantic

On March 15th, 2012, Jason Healey wrote for The Atlantic on the NSA's role in defending the private sector against cyberattacks.  Noting that the private sector is on the front lines of a cyberwar, Healey believes that the private sector "needs the capabilities of the US government" in order to defend itself against Chinese backed cyberespionage.  Moreover, the NSA clearly has the most cyber-expertise in the US government, so it would be best suited to helping the private sector.  In this vein, the NSA had envisioned an arrangment where it would monitor the computer networks of critical infrastructure providers. 

However, the Obama administration denied the NSA's push for private sector monitoring.  According to Healey, this denial, in conjunction with the NSA's black eye over warrantless intercepts, makes NSA monitoring of private networks unlikely.

Even so, Healy suggested that the NSA could still help the private sector by giving up its "crown jewels": its "classified database of 'signatures' of malicious software."  Malware signatures are an identifier; they allow cybersecurity defenses to flag incoming cyberattacks and stop them.  The private sector could make use of the signatures to better defend against cyberattacks.

Granted, the NSA might be concerned about compromising its collection sources.  However, the article noted that "most of these signatures protect little but bureaucratic inertia", and quoted Gen. Michael Hayden as saying "This stuff is overprotected."

Healey went on to propose a number of ways the NSA could share the signatures.  Check out The Atlantic article for more.

***

While we're here…

James Bamford wrote a fascinating article for Wired on the NSA's new spy palace, the country's "biggest spy center."

1 Comment

  1. Park

    The idea that a closer relationship between government and industry will help improve cyber security is absurd. Slap on a name like NSA and everyone things they are dealing with geniuses. I have spent years in this field solving real world security problems and doing research in vulnerabilities. In my opinion, the best way to address these issues, particularly in SCADA systems, is not to write laws inserting the government into the private supply chain. A more effective solution is to make senior executives in SCADA systems personally accountable for damage to people and private property that results from their failure to apply best practices in security.

Leave a Reply