Stellar Wind: CIA analysts didn’t use the NSA’s Spy program.

Uploaded on 2015-05-08 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

999a7aa36cab52b992c949e7e4f3fb62.jpg

A newly-released document from the Central Intelligence Agency’s (CIA) own internal watchdog found that the government’s controversial warrantless surveillance and bulk data collection program was so secretive that the agency was unable to make “full use” of its capabilities even several years after the September 11 attacks. Initially, only top-level CIA officials were cleared on its use, rather than rank-and-file "CIA analysts and targeting officers.”

STELLAR WIND, the code name for the highly secretive President’s Surveillance Program (PSP, or “The Program”), was created in the wake of the September 11 attacks. The legal justification for the PSP has changed multiple times over the years, and today it stands under the Foreign Intelligence Surveillance Act Amendments Act (FISA AA) of 2008, which remains law.

The CIA IG report writes that under the PSP, there were three "sets of data" collected.
The first set included the content of individually targeted telephone and e-mail communications. The second consisted of telephone dialing information—the date, time, and duration of calls; the telephone number of the caller; and the number receiving the call—collected in bulk. The third data set consisted of e-mail transactional data collected in bulk.

Several factors hindered the CIA in making full use of the capabilities of the PSP. Many CIA officers told us that too few CIA personnel at the working level were read into the PSP. Officials told us that CIA and targeting officers who were read in had too many competing priorities and too many other available information sources and analytic tools, many of which were more easily accessed and timely, to fully utilize the PSP. 
CIA officers also told us that the PSP would have been more fully utilized if and targeting officers had obtained a better understanding of the program's capabilities. Many CIA officers noted that there was insufficient training and legal guidance concerning the program's capabilities and the use of PSP-derived information. 
Ars Technica: http://bit.ly/1dzO2Z1

« France’s Intelligence Bill: legalising mass surveillance
Forget Hackers, The Biggest Internet Security Threat Is Closer to Home »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Zscaler

Zscaler

Zscaler enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud first world.

PortSwigger

PortSwigger

PortSwigger's Burp Suite is an integrated platform for performing security testing of web applications.

Northwave

Northwave

Northwave offers an Intelligent combination of cyber security services to protect your information.

OneSpan

OneSpan

OneSpan (formerly Vasco Data Security) is a global leader in digital identity security, transaction security and business productivity.

Scantist

Scantist

Scantist is a cyber-security spin-off from Nanyang Technological University (Singapore) which leverages its expertise to provide vulnerability management solutions to enterprise clients.

Irish National Accreditation Board (INAB)

Irish National Accreditation Board (INAB)

INAB is the national accreditation body for Ireland. The directory of members provides details of organisations offering certification services for ISO 27001.

National Cybersecurity Society (NCSS) - USA

National Cybersecurity Society (NCSS) - USA

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity education, awareness and advocacy to small businesses.

Nihon Cyber Defense

Nihon Cyber Defense

Nihon Cyber Defence’s mission is to provide robust solutions, services and support to governments, corporates and organisations in order to protect them from all forms of cyber warfare.

Cyber Smart Defense

Cyber Smart Defense

Cyber Smart Defense is a specialist provider of penetration testing services and IT security audits.

Internet 2.0

Internet 2.0

Internet 2.0 is a Cyber Security technology company with a core focus on developing affordable but sophisticated cyber security solutions.

Istari

Istari

ISTARI is a new kind of cyber risk management company. We’re an agile collective of best-in-class capabilities and experts, who build ongoing partnerships with clients.

inSOC

inSOC

inSOC is an enterprise-grade AI-driven SOCaaS solution detecting breaches 24/7 with vulnerability management built-in. Designed for MSPs and MSSPs.

Judy Security

Judy Security

Judy (formerly AaDya Security) provides smart, simple, effective, all-in-one cybersecurity for SMBs. Get the 24/7 protection and support you deserve, at a price you can afford.

Foghorn Consulting

Foghorn Consulting

Foghorn can analyze your cloud to enhance performance and security, while reducing costs. Based on AWS’ 6 Pillars, our AWS WAFR Certified Engineers Will Identify Areas of Improvement.

NopalCyber

NopalCyber

NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant.

Ezer Group

Ezer Group

Ezer Group aim to help our clients drive organizational growth and improvement by strategically partnering with them to reduce cyber risk.