NSA Using The Cloud To Thwart The Next Snowden

Uploaded on 2016-03-23 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Inside NSA Headquarters, Fort Meade, Maryland

In a post-Snowden world, is it really a good idea to have analysts swimming around in one vast ocean of NSA secrets and data?

Snowden’s stream of leaked NSA secrets about classified surveillance programs shined the public spotlight on the clandestine government organization. Though the stream has now dissipated to a trickle, the impact to the intelligence community continues.

To privacy activists, Snowden’s leaks were a godsend. They forced a national discussion on government surveillance and even coaxing the likes of Director of National Intelligence James Clapper to admit the intelligence community needs to be more transparent.

Yet, the leaks have “had a material impact” on NSA’s ability to generate intelligence around the world, NSA Director Michael Rogers said back in February 2015.

Within NSA’s Fort Meade, Maryland, headquarters, no one wants to face another Snowden. With NSA’s widespread adoption of cloud computing, the spy agency may not have to.

Could the Cloud Have Stopped Snowden?

NSA bet big on cloud computing as the solution to its data problem several years ago.

Following expanded legal authorities enacted after the Sept. 11, 2001, terrorist attacks, NSA and the other 16 agencies within the intelligence community began to collect a gargantuan amount of intelligence data: Internet traffic and emails that traverse fiber optic cables; telephone call metadata; and satellite reconnaissance.
Much of that intelligence piled up in various repositories that had to stock up on servers to keep up with demand.  

NSA’s GovCloud—open-source software stacked on commodity hardware—creates a scalable environment for all NSA data. Soon, most everything NSA collects will end up in this ocean of information.

At first blush, that approach seems counterintuitive. In a post-Snowden world, is it really a good idea to put everything in one place—to have analysts swimming around in an ocean of NSA secrets and data?

It is, if that ocean actually controls what information analysts in the NSA GovCloud can access. That’s analogous to how NSA handles security in its cloud.

NSA built the architecture of its cloud environment from scratch, allowing security to be baked in and automated rather than bolted on and carried out by manual processes. Any piece of data ingested by NSA systems over the last two years has been meta-tagged with bits of information, including where it came from and who is authorized to see it in preparation for the agency’s cloud transition.

Data in the GovCloud doesn’t show up to analysts if they aren’t authorized, trained or cleared to see it, according to NSA Chief Information Officer Lonny Anderson.

“While putting data to the cloud environment potentially gives insiders the opportunity to steal more, by focusing on securing data down at cell level and tagging all the data and the individual, we can actually see what data an individual accesses, what they do with it, and we can see that in real time,” Anderson told Nextgov. “So we think this actually dramatically enhances our capability.”

NSA cloud strategist Dave Hurry further clarified NSA’s approach to securing data within GovCloud.
“We don’t let people just see everything; they’re only seeing the data they are authorized to see,” Hurry told Nextgov.

What about adventurous, negligent or potentially nefarious insiders? How exactly Snowden ferreted out NSA’s secrets for months across numerous databases and evaded detection remains uncertain. But what is clear is that his actions should have thrown up some Utah Data Center-sized red flags. They didn’t.

GovCloud’s other baked-in security features are likely to deter all but the boldest of would-be rogue insiders. In the past, Anderson said, disparate data repositories contained log files to track user behavior, but those logs “had to be manually reviewed.”

That’s not a good recipe to catch malicious behavior. GovCloud automates those monitoring processes and flags network security personnel, Anderson said, when a user attempts to “exceed limits of authority.”

“The [GovCloud] system could prevent it,” Anderson said. “But what it would have immediately done is highlighted and told our network security heads that someone is pulling a lot of data.” That information would “allow us to visit the individual,” or “we could shut it down at the point we saw it,” Anderson said. “It would have prevented what Mr. Snowden did,” Anderson added.

More Than Just Security

More than simply Snowden-proofing its data, GovCloud’s other features make it even more attractive to analysts and top agency officials charged with protecting national security interests. GovCloud’s architecture has a “fact-of” function that alerts analysts that additional data on a query may be available but inaccessible based on the analyst’s access controls.

NSA’s cloud migration will also significantly beef up the agency’s ability to comply with a plethora of legal rules, mandates and executive order. Just as security is automated in NSA’s cloud, so too are compliance measures such as data preservation orders or data retention rules.

Old repositories operating on legacy architecture predate many more recent laws and policy changes. The USA Patriot Act of 2001, for example, was authored into law after some of NSA’s existing legacy repositories were built, so NSA’s only option to adhere to evolving policies was to “bolt on compliance,” Anderson said.

As NSA further transitions to using cloud, analysts will make better use of their time, making queries against one database instead of repeated ones against dozens of relational databases. NSA’s centralized cloud will also alleviate uncertainty regularly faced by analysts when they query databases.

After running a query, analysts sometimes wonder whether they are actually authorized to view certain data. That kind of doubt influences what and how analysts generate intelligence reports. With the GovCloud, on the other hand, analysts will have near certainty that they’re only seeing information they are supposed to see.

Moving More than Data to the Cloud

NSA has been slowly migrating users to its new cloud architecture to ease the transition, but the pace has begun to pick up speed. Three weeks ago, Anderson said NSA transitioned users off three of the biggest legacy repositories into its cloud environment. Those users include NSA personnel, Defense Department and other intelligence community personnel.

The move has not come without obstacles. The cloud organizes data differently than old repositories, and some analyst methods do not translate to NSA’s cloud model. However, the agency is training analysts on new methodologies.

Closing down repositories filled with untold racks of servers the way NSA did three weeks ago will also save the agency money in operations and maintenance. Some of those systems are decades old. Servers housed in closed repositories will be destroyed and their data deleted, Anderson said.

In the coming years, closed repositories will come to signal the success of NSA’s bet on cloud computing. Will it prevent the next Edward Snowden-like attack? NSA officials are counting on it, but they’re counting on the cloud for a lot more than that.

DefenseOne: 

« Why Executives Need to Prioritise Cybersecurity
A Cashless Society Can’t Fix Our Money Worries »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

TraceSecurity

TraceSecurity

TraceSecurity, a leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions.

Modux

Modux

Modux focus on a number of core competencies across cyber security including; cyber intelligence & analytics, penetration testing and training.

Sikur

Sikur

Sikur have developed a communication platform that sets new boundaries for corporate privacy and security.

CodeSealer

CodeSealer

CodeSealer provide invisible end-to-end user interface protection with a unique web security solution to eliminate Man-in-the-Middle and Man-in-the-Browser vulnerabilties.

Fraud.com

Fraud.com

Fraud.com ensures trust at every step of the customer's digital journey; this complete end-to-end protection delivers unified identity, authentication and fraud detection and prevention.

Purple Security

Purple Security

Purple Security arises from the association of specialists in offensive security (ethical hackers, white hats) and experts in insurance, compliance and implementation of industry standards.

National Initiative for Cybersecurity Education (NICE) - USA

National Initiative for Cybersecurity Education (NICE) - USA

NICE is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development.

Enet 1 Group1

Enet 1 Group1

Enet 1 Group audits, assesses, recommends, and delivers tested solutions for the ever-increasing threats to your critical systems and digital assets

AVANTEC

AVANTEC

AVANTEC is the leading Swiss provider of IT security solutions in the areas of cloud, content, network and endpoint security.

Wickr

Wickr

Wickr's mission is to secure the world's most critical communications. Wickr provides the highest standard of encryption trusted by millions worldwide.

Indian Cyber Security Solutions (ICSS)

Indian Cyber Security Solutions (ICSS)

Indian Cyber Security Solutions is an Enterprise Cyber Security Platforms company offering Cyber Security & Technical Education and Compliance & Penetration Testing Services.

Radiant Security

Radiant Security

Radiant Security offers an AI-powered security co-pilot for Security Operations Centers (SOCs). Reinforce your SOC with an AI assistant.

Sunnic

Sunnic

Sunnic is a leading provider of comprehensive digital data security technology.

Strobes Security

Strobes Security

Strobes is among the world’s first cybersecurity platforms specifically designed for end-to-end continuous threat exposure management.

CyberMindr

CyberMindr

CyberMindr is a SaaS platform for Automated & Continuous Attack Path and Threat Exposure Discovery helps you to proactively identify & assess your attack surface to mitigate associated threats.

Neural Defend

Neural Defend

Neural Defend is a deepfake detection technology with proprietary algorithms and an AI agentic multi-layered of solution.