NSA Will Hunt Cyber Attackers Inside The US

The sophisticated hacks pulled off by Russia and China against a broad array of government and industrial targets in the United States has prompted a reconsideration of national cyber security strategy. There is problem with the failure of the intelligence agencies to detect the attacks and this is now driving the Biden administration and Congress to think hard about how the nation should protect itself from growing cyber threats.

Now, members of the US Senate Armed Services Committee have expressed support  for expanding the scope for for the National Security Agency (NSA) and US Cyber Command to conduct more intelligence gathering domestically.

A group of cross-party Senators has offered to help expand the NSA's authority which would allow the NSA spy agency to look for signal’s intelligence against foreign adversaries that US officials have said are behind a string of recent attacks, like the recent SolarWinds hack

Committee members praised General Paul Nakasone, who heads both the NSA spy agency and the US military Cyber Command for his efforts to secure the 2020 elections from foreign interference. The NSA and Cyber Command conducted some two dozen operations to protect US infrastructure and target adversaries prior to the November poll.

The disastrous Solar Winds cyber attack is thought to be from Russia and it affected parts of the government including the Department of Justice and the Department of Defense.

Nakasone told senators  that the US was unable to keep up with the threat in large part because laws prevent NSA and Cyber Command from adequately observing adversaries operating on US networks.“They’re no longer just launching their attacks from different parts of the world. They understand that they come into the United States, use our infrastructure, and there’s a blind spot for us not being able to see them.” 

Nakasone also said there are legal barriers for companies to share information with the US government. But to prevent such attacks the federal government must be able to respond more quickly to attacks on private networks inside the United States to understand what’s happening when they are under attack, which currently requires law enforcement and sometimes warrants or other permissions.

The General did not  ask Congress for additional authorities for the NSA to meet that threat, remarking that it wasn’t “necessarily” US Cyber Command that needed to lead that effor, but he he didn’t have to. The Senators  seemed more than ready to deliver them. “I would like to work with the committee on getting you those authorities” said Democrat Senator Kirsten Gillibrand. “This is a case of where we’ve made laws we think are correct and we don’t use our resources,” said Republican Senator Mike Rounds.

While the Fourth Amendment to the US Constution protects against unreasonable searches and is a key obstacle to potential expansion of the NSA’s domestic search powers, it is though that the Biden administration could create a package of procedures or safeguards to address these concerns. That would pave the way to expand the NSA’s capabilities to detect and  prevent hacks without necessarily invading the citizens' privacy.

However, there remain deep rooted concerns for giving expanded authorities to foreign-facing spy agencies, not least because of the widespread bulk surveillance of US citizens carried out by the NSA, as disclosed by the renegade spy agency operative, Edward Snowden

As pointed out by Democrat Senator Ron Wyden, a member of the US Senate Intelligence Committee  “The government already has the authority to watch every bit of data going in and out of federal networks. CISA  and NSA still missed the SolarWinds backdoor calling home for further instructions. The problem here isn’t our privacy laws, but that the government is failing cyber security 101.... Some in the government now want to ask for new, warrantless surveillance of Americans’ communications to distract Congress from asking unpleasant questions about why CISA’s $6 billion cyber shield failed to stop or detect the hacks,” he said in a statement.

US Senate:    CBS:       DefenseOne:     Wall Street Journal:      NYT:      BankInfoSecurity:     Image: Unsplash

You Might Also Read:

CISA, NSA And The Dual Hat

 

« FBI 2020 Online Crime Report
New Cyber Security Measures To Protect US Energy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Identity Theft Resource Center (ITRC)

Identity Theft Resource Center (ITRC)

ITRC is a non-profit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime.

Conference-Service.com

Conference-Service.com

Conference-Service.com provides a categorised calendar of conferences and events which includes Information Security.

Fidelis Security

Fidelis Security

Fidelis Security is a leading provider of extended threat detection and response (XDR) solutions for your security operations.

LEXFO

LEXFO

LEXFO specializes in the security of information systems, assisting clients in protecting information assets using an offensive and innovative approach.

Nok Nok Labs

Nok Nok Labs

Nok Nok is a market leader in next generation authentication for cloud, mobile and IoT applications.

SaltStack

SaltStack

SaltStack develops award-winning intelligent IT automation software. We help businesses more efficiently secure and manage all aspects of their digital infrastructure.

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

InfoSystems Inc

InfoSystems Inc

InfoSystems provides reliable IT solutions to build and maintain strong and secure systems for both SMB and enterprise organizations.

Mage Data

Mage Data

Mage (formerly Mentis Software) is a leading solutions provider for data security and data privacy software for global enterprises.

Association for Uncrewed Vehicle Systems International (AUVSI)

Association for Uncrewed Vehicle Systems International (AUVSI)

AUVSI is the world's largest nonprofit organization dedicated to the advancement of uncrewed systems and robotics. Focus areas include cyber security for uncrewed systems and robotics.

Endor Labs

Endor Labs

Endor Labs gives developers and security teams the context they need to prioritize open source risk.

Tsaaro Academy

Tsaaro Academy

Tsaaro Academy is a unique privacy certification training platform and here you earn a privacy certification CEH, CISM and DPO from India’s No.1 Privacy training platform.

Applied Connective Technologies

Applied Connective Technologies

Applied Connective is one team for all your technology needs, from IT to phones, cyber security to physical security, audio/video and the infrastructure to support it.

Aegis9

Aegis9

Aegis9 is an Australian owned and sovereign consultancy that specialises in providing tailored security solutions for both public and private sector clients based on their specific needs.

HanaByte

HanaByte

HanaByte is a security consultancy focused on delivering state of the art solutions in the cloud. We specialize in delivering cloud services with an emphasis on security.

SGS Brightsight

SGS Brightsight

SGS Brightsight is the largest independent security evaluation lab in the world, with ten recognised labs worldwide.