NSA Chief: Dont Dump Essential Security Tools

Gen. Keith Alexander defends National Security Agency practices, argues for advances in cybersecurity cooperation.

Iris Scans: Security Technology In Action(click image for larger view)
The head of the U.S. Cyber Command had come to talk about the state of cybersecurity in America. But Gen. Keith Alexander, who also directs the National Security Agency, took the offensive, delivering an impassioned defense of NSA practices Wednesday, in the wake of recriminations over the agencys collection and handling of Americans phone records.
He also asked government and industry executives, gathered at a
cybersecurity summit
in Washington, for their support in maintaining the NSAs data-collection and surveillance efforts.
In the last week, over 950 people were killed in Kenya, Iraq, Yemen and elsewhere in the world as a result of terrorist attacks, he said. Weve been fortunate to have avoided that in the U.S., but its not just because of luck, he added, referring to the work of analysts and agents at the NSA, the FBI, the Department of Homeland Security and other agencies.
Alexander said the data gathering and analytic tools the U.S. intelligence community has assembled since the Sept. 11, 2001 attacks have been instrumental in averting at least 54 terrorist attacks in the U.S. and overseas. But in light of growing demands by legislators and privacy advocates to end the NSAs data collection practices, he acknowledged, Were going to have a debate in this country on do we give up those tools. Im concerned were going to make the wrong choice.
[ Is the NSA tapping your smartphone? Read
NSA Vs. Your Smartphone: 5 Facts
. ]
The NSA director tried to dispel what he called sensationalized media reports about the NSAs activities, explaining that when the NSA collects phone records, it only sees the phone numbers, time of day and duration of each call. There is no content and no names, he said, insisting NSA analysts are not collecting the content of Americas communications.
Wed need a warrant to do that, said Alexander, pointing to provisions in the Foreign Intelligence Surveillance Act (FISA), authorized in 2008. Warrants are issued when Americans are shown to be in contact with foreign targets overseas, and that occurred fewer than 300 times in 2012, he said. Alexander acknowledged that NSA analysts had made technical and operational errors that counted as conduct violations, but insisted that over the past decade, weve had only 12 willful violations where individuals used NSA systems wrongfully, mainly in pursuit of foreign nationals, and we held them accountable.
Information released by former NSA contractor Edward Snowden has exposed the NSA to criticism that NSA analysts have been able to skirt FISA rules. Lawmakers, including Sens. Patrick Leahy (D-Vt.) and Ron Wyden (D-Ore.), have introduced legislation that would end the program that allows the NSA to collect domestic phone records. Turning to cybersecurity concerns, Alexander warned that this past years distributed denial of service attacks on Wall Street and South Korean banks reflect the ever-increasing sophistication and skill of the nations adversaries in cyberspace.
The most important thing we can do is train our people with the technical skills that really matter, he said, noting that a third of the workforce at U.S. Cyber Command has gone through advanced technical training this year, with the rest of the workforce due to complete training by 2015. Part of that training includes Cyber Guard and Cyber Flag exercises, involving teams from the NSA, the Department of Homeland Security, the FBI and the National Guard that focus on joint operations in cyberspace.
This is a threat we have to address, and its one [that] senior military officials are taking seriously, as evidenced by their continued investment in cyber operations even as sequestration is forcing them to cut billions of dollars from their defense budgets, Alexander said.
The thing we have to fix, he said, is the need for a defensible architecture across the Defense Department. The legacy architecture we have today has a number of problems, most notably the difficulty of seeing whats going on across 15,000 IT and communications systems being maintained across the military.
Alexander is among the militarys strongest advocates for moving toward a thin-client, cloud-based computing environment. He refuted the assumption that having your information in 15,000 enclaves is somehow more defensible, arguing for the ability to centrally identify vulnerabilities, administer patches, monitor activity and protect the network from cyber attacks.
Alexander also appealed for support for legislation that would make it easier for the government and the private sector to share cyber threat information, but which faces opposition in Congress out of concern that such an arrangement would undermine civil liberties and impose added burdens on business.
We can tell (banks and other businesses) how their systems went down and how bad they were hit, but if we cant share information with industry, which owns most of the nations critical infrastructure, we cant stop the attacks without greater cooperation, he said.
As for actions the NSA has taken to address insider threats, following the Snowden leaks, Alexander said the NSA has instituted a two-person rule requiring two authorized individuals to be present whenever specific kinds of information are to be transferred from servers or onto removable media.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
NSA Chief: Dont Dump Essential Security Tools