NSA Will Hunt Cyber Attackers Inside The US

Uploaded on 2021-03-30 in TECHNOLOGY--Resilience, INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW

The sophisticated hacks pulled off by Russia and China against a broad array of government and industrial targets in the United States has prompted a reconsideration of national cyber security strategy. There is problem with the failure of the intelligence agencies to detect the attacks and this is now driving the Biden administration and Congress to think hard about how the nation should protect itself from growing cyber threats.

Now, members of the US Senate Armed Services Committee have expressed support  for expanding the scope for for the National Security Agency (NSA) and US Cyber Command to conduct more intelligence gathering domestically.

A group of cross-party Senators has offered to help expand the NSA's authority which would allow the NSA spy agency to look for signal’s intelligence against foreign adversaries that US officials have said are behind a string of recent attacks, like the recent SolarWinds hack

Committee members praised General Paul Nakasone, who heads both the NSA spy agency and the US military Cyber Command for his efforts to secure the 2020 elections from foreign interference. The NSA and Cyber Command conducted some two dozen operations to protect US infrastructure and target adversaries prior to the November poll.

The disastrous Solar Winds cyber attack is thought to be from Russia and it affected parts of the government including the Department of Justice and the Department of Defense.

Nakasone told senators  that the US was unable to keep up with the threat in large part because laws prevent NSA and Cyber Command from adequately observing adversaries operating on US networks.“They’re no longer just launching their attacks from different parts of the world. They understand that they come into the United States, use our infrastructure, and there’s a blind spot for us not being able to see them.” 

Nakasone also said there are legal barriers for companies to share information with the US government. But to prevent such attacks the federal government must be able to respond more quickly to attacks on private networks inside the United States to understand what’s happening when they are under attack, which currently requires law enforcement and sometimes warrants or other permissions.

The General did not  ask Congress for additional authorities for the NSA to meet that threat, remarking that it wasn’t “necessarily” US Cyber Command that needed to lead that effor, but he he didn’t have to. The Senators  seemed more than ready to deliver them. “I would like to work with the committee on getting you those authorities” said Democrat Senator Kirsten Gillibrand. “This is a case of where we’ve made laws we think are correct and we don’t use our resources,” said Republican Senator Mike Rounds.

While the Fourth Amendment to the US Constution protects against unreasonable searches and is a key obstacle to potential expansion of the NSA’s domestic search powers, it is though that the Biden administration could create a package of procedures or safeguards to address these concerns. That would pave the way to expand the NSA’s capabilities to detect and  prevent hacks without necessarily invading the citizens' privacy.

However, there remain deep rooted concerns for giving expanded authorities to foreign-facing spy agencies, not least because of the widespread bulk surveillance of US citizens carried out by the NSA, as disclosed by the renegade spy agency operative, Edward Snowden

As pointed out by Democrat Senator Ron Wyden, a member of the US Senate Intelligence Committee  “The government already has the authority to watch every bit of data going in and out of federal networks. CISA  and NSA still missed the SolarWinds backdoor calling home for further instructions. The problem here isn’t our privacy laws, but that the government is failing cyber security 101.... Some in the government now want to ask for new, warrantless surveillance of Americans’ communications to distract Congress from asking unpleasant questions about why CISA’s $6 billion cyber shield failed to stop or detect the hacks,” he said in a statement.

US Senate:    CBS:       DefenseOne:     Wall Street Journal:      NYT:      BankInfoSecurity:     Image: Unsplash

You Might Also Read:

CISA, NSA And The Dual Hat

 

« FBI 2020 Online Crime Report
New Cyber Security Measures To Protect US Energy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Risk Policies

Cyber Risk Policies

CyberRiskPolicy.com is a joint venture between the Poindexter Surety Group of companies and Gibbs Cyber Security.

Robert Half Technology

Robert Half Technology

Robert Half Technology offers a full spectrum of technology staffing solutions to meet contract and full-time IT recruitment needs.

SAI360

SAI360

SAI360 (formerly SAI Global) provide products and services for enterprise risk management including Governance, Risk & Compliance and Digital Risk solutions.

Payatu

Payatu

Payatu Technologies is a security testing and services company specialized in Software, Application and Infrastructure security assessments and deep technical security training.

Viscount Systems

Viscount Systems

Viscount Systems is a global security software solutions company that is changing the way access control is deployed and managed in the enterprise.

Taoglas

Taoglas

Taoglas Next Gen IoT Edge software provides a pay as you go platform for customers to connect, manage and maintain their edge devices in an efficient and secure way.

Cyber Security Courses

Cyber Security Courses

Cyber Security Courses was formed to help students in the UK find cyber security courses online.

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

GCSCC's work is focused on developing a framework for understanding what works, what doesn’t work and why – across all areas of cybersecurity capacity.

Cyber Smart Defense

Cyber Smart Defense

Cyber Smart Defense is a specialist provider of penetration testing services and IT security audits.

KETS Quantum Security

KETS Quantum Security

KETS harnesses the properties of quantum mechanics to solve challenging problems in randomness generation and secure key distribution and enable ultra secure communications.

Aurora Systems Consulting

Aurora Systems Consulting

Aurora is a Cybersecurity solutions provider with a portfolio consisting of security consulting, products and services that proactively prevent, secure and manage advanced threats and malware.

Palmchip

Palmchip

Palmchip is a Cyber Security, SOC and Software consulting company. We design and develop high performance and secure applications.

Jisc

Jisc

Jisc is a membership organisation working in partnership with the UK’s research and education communities to develop the digital technologies they need to teach, discover and thrive.

WiebeTech

WiebeTech

WiebeTech’s line of digital forensics tools provide innovative and rugged devices for efficient disk imaging and evidence capture.

HCS

HCS

HCS is an IT Company and Telecoms provider with an experienced team who are dedicated to ensuring our clients business systems are protected.

Keepit

Keepit

Keepit offer all-inclusive, secure, and reliable backup and recovery services for your data.