NSA Will Hunt Cyber Attackers Inside The US

Uploaded on 2021-03-30 in TECHNOLOGY--Resilience, INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW

The sophisticated hacks pulled off by Russia and China against a broad array of government and industrial targets in the United States has prompted a reconsideration of national cyber security strategy. There is problem with the failure of the intelligence agencies to detect the attacks and this is now driving the Biden administration and Congress to think hard about how the nation should protect itself from growing cyber threats.

Now, members of the US Senate Armed Services Committee have expressed support  for expanding the scope for for the National Security Agency (NSA) and US Cyber Command to conduct more intelligence gathering domestically.

A group of cross-party Senators has offered to help expand the NSA's authority which would allow the NSA spy agency to look for signal’s intelligence against foreign adversaries that US officials have said are behind a string of recent attacks, like the recent SolarWinds hack

Committee members praised General Paul Nakasone, who heads both the NSA spy agency and the US military Cyber Command for his efforts to secure the 2020 elections from foreign interference. The NSA and Cyber Command conducted some two dozen operations to protect US infrastructure and target adversaries prior to the November poll.

The disastrous Solar Winds cyber attack is thought to be from Russia and it affected parts of the government including the Department of Justice and the Department of Defense.

Nakasone told senators  that the US was unable to keep up with the threat in large part because laws prevent NSA and Cyber Command from adequately observing adversaries operating on US networks.“They’re no longer just launching their attacks from different parts of the world. They understand that they come into the United States, use our infrastructure, and there’s a blind spot for us not being able to see them.” 

Nakasone also said there are legal barriers for companies to share information with the US government. But to prevent such attacks the federal government must be able to respond more quickly to attacks on private networks inside the United States to understand what’s happening when they are under attack, which currently requires law enforcement and sometimes warrants or other permissions.

The General did not  ask Congress for additional authorities for the NSA to meet that threat, remarking that it wasn’t “necessarily” US Cyber Command that needed to lead that effor, but he he didn’t have to. The Senators  seemed more than ready to deliver them. “I would like to work with the committee on getting you those authorities” said Democrat Senator Kirsten Gillibrand. “This is a case of where we’ve made laws we think are correct and we don’t use our resources,” said Republican Senator Mike Rounds.

While the Fourth Amendment to the US Constution protects against unreasonable searches and is a key obstacle to potential expansion of the NSA’s domestic search powers, it is though that the Biden administration could create a package of procedures or safeguards to address these concerns. That would pave the way to expand the NSA’s capabilities to detect and  prevent hacks without necessarily invading the citizens' privacy.

However, there remain deep rooted concerns for giving expanded authorities to foreign-facing spy agencies, not least because of the widespread bulk surveillance of US citizens carried out by the NSA, as disclosed by the renegade spy agency operative, Edward Snowden

As pointed out by Democrat Senator Ron Wyden, a member of the US Senate Intelligence Committee  “The government already has the authority to watch every bit of data going in and out of federal networks. CISA  and NSA still missed the SolarWinds backdoor calling home for further instructions. The problem here isn’t our privacy laws, but that the government is failing cyber security 101.... Some in the government now want to ask for new, warrantless surveillance of Americans’ communications to distract Congress from asking unpleasant questions about why CISA’s $6 billion cyber shield failed to stop or detect the hacks,” he said in a statement.

US Senate:    CBS:       DefenseOne:     Wall Street Journal:      NYT:      BankInfoSecurity:     Image: Unsplash

You Might Also Read:

CISA, NSA And The Dual Hat

 

« FBI 2020 Online Crime Report
New Cyber Security Measures To Protect US Energy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

baramundi software

baramundi software

baramundi software AG provides companies and organizations with efficient, secure, and cross-platform management of workstation environments.

AvePoint

AvePoint

AvePoint is an established leader in enterprise-class data management, governance, and compliance software solutions.

TestingXperts

TestingXperts

TestingXperts is a specialist software QA and testing company.

Cyfor

Cyfor

Cyfor provides digital forensics and eDiscovery in civil, criminal, intellectual property, litigation and dispute resolution investigations.

Keyfactor

Keyfactor

Keyfactor is a leader in cloud-first PKI as-a-Service and crypto-agility solutions. Our Crypto-Agility Platform seamlessly orchestrates every key and certificate across the enterprise.

Mako Networks

Mako Networks

The Mako System is an award winning networking and security service designed specifically for SMEs and branch offices of larger organisations.

Totalsec

Totalsec

Totalsec is a Grupo Salinas company with a team of professionals in cybersecurity and information security providing Security Consulting, Solutions Integration, and Managed Security Services.

National Cyber Security Agency (NACSA) - Malaysia

National Cyber Security Agency (NACSA) - Malaysia

NACSA is the leading government agency in Malaysia responsible for the development and implementation of national cyber security management policie and strategies.

Awake Security

Awake Security

Awake Security offer a security solution built on an AI platform that acts like the human brain to sense, detect, and respond to threats you may not even know exist.

Gorodissky IP Security

Gorodissky IP Security

Gorodissky IP Security is a comprehensive approach to protecting your intellectual property on the Internet and beyond.

Senserva

Senserva

Senserva delivers a deep analysis for security user accounts and applications within the Microsoft cloud environment.

NWN Corp

NWN Corp

NWN Corporation is a leading Cloud Communications Service Provider (CCSP) focused on transforming the customer and workspace experience for commercial, enterprise and public sector organizations.

Amnesty Tech

Amnesty Tech

Amnesty Tech's Security Lab leads technical investigations into cyber-attacks against civil society and provides critical support when individuals face such attacks.

Seigur

Seigur

Seigur is an IT consultancy business providing flexible legal and cyber security services for IT and data privacy programmes.

KingsGuard Solutions

KingsGuard Solutions

KingsGuard Solutions is a San Diego Cybersecurity company that specializes in complex and innovative security solutions for companies throughout Southern California.

Hughes Network Systems

Hughes Network Systems

Hughes are industry leaders in networking technologies and services, innovating constantly to deliver the global solutions that power a connected future for people, enterprises and things everywhere.