The NSA is going to work with Google to help analyze the recent Chinese (probably) hack. Richard Bejtlich predicted this, and I consider it a very positive development.
It’s a recognition that our IT infrastructure is a critical national asset, and that the government can play a role in helping respond to incidents and improve security. That’s how it should be – we don’t expect private businesses to defend themselves from amphibious landings (at least in our territory), and the government has political, technical, and legal resources simply not available to the private sector.
Despite some of the more creative TV and film portrayals, the NSA isn’t out to implant microchips in your neck and follow you with black helicopters. They are a signals intelligence collection agency, and we pay them to spy on as much international communication as possible to further our national interests. Think that’s evil? Go join Starfleet – it’s the world we live in. Even though there was some abuse during the Bush years, most of that was either ordered by the President, or non-malicious (yes, I’m sure there was some real abuse, but I bet that was pretty uncommon). I’ve met NSA staff and sometimes worked with plenty of three-letter agency types over the years, and they’re just ordinary folk like the rest of us.
I hope we’ll see more of this kind of cooperation.
Now the one concern is for you foreigners – the role of the NSA is to spy on you, and Google will have to be careful to avoid potentially uncomfortable questions from foreign businesses and governments. But I suspect they’ll be able to manage the scope and keep things under control. The NSA probably pwned them years ago anyway.
Good stuff, and I hope we see more direct government involvement… although we really need a separate agency to handle these due to the conflicting missions of the NSA.
Note: for those of you that follow these things, there is clear political maneuvering by the NSA here. They want to own cybersecurity, even though it conflicts with their intel mission. I’d prefer to see another agency hold the defensive reins, but until then I’m happy for any .gov cooperation.
Reader interactions
7 Replies to “The NSA Isn’t Evil (Even Working with Google)”
It is staggering to me the simple ‘dismissal’ of the abusing of civil rights by organizations like the NSA. The idea that they will let those guy anywhere near their data should be scary to everyone. Yes we live in a scary world, but trashing our founding documents in the name of safety is totally unacceptable. I would think that smart, intuitive thinkers would recognize that thousands (if not more than a millions) good people have died so that we don’t have to worry about tyrannical government abusing power and targeting citizen (can we say “your a commie”). Has anyone ever listen to government ‘experts’ talk. OMG, can we say 10 years behind the real hackers of the world. We cant trust these people to take out the trash properly, the idea that they would have a hand in our personal data at any time is terribly destructive to the longer term security of all of us.
I understand Rich’s strong feelings that we have empowers protectors, or maybe even fear of terrorism (i don’t know rich so i wont speak for him) but sacrificing our constitution and our heritage is not he answer.
Its our duty as the ones with the real knowledge to educate the public on real Cyber threats, and not the fear mongering nonsense that is peddled as news. Wake up, Speak Up, and Stand Up.
Rich,
I would also argue that given the evolving nature of conflict, this type of incident response blurs the line between IA and SIGINT. In the business world, the norm is and will continue to be “repel, fix, and forget” because prosecution is too expensive. Now that this has visibility and real (instead of theoretical) recognition as a national security issue, the governmental component of the mission is “plan to neutralize.” If foreign countries view their offensive capabilities as strategic military assets, from NSA’s perspective, their mission is to collect intelligence on those assets.
The choice of words in the article is interesting. The article’s source only states that NSA won’t try to determine the identity of the perpetrators. One could take that to mean that the unstated mission will be to find out how they operate, why they operate, how many discrete actors were involved, the degree of coordination of those actors, and a laundry list of other questions that a SIGINT organization needs to know in order to be able to spy on a nebulous “them.” In that regard, NSA isn’t really acting too far outside of their role. Helping out with IA is really the only motivating value that NSA can bring Google in exchange for first-person access to the intelligence.
Ah, got it. Thanks.
Rich, Sorry about the confusion there. I mean defense as in protection of our networks and communications infrastructure (as in offense vs. defense).
John,
I believe that’s IA for the intelligence community, not general defense. Which makes sense.
While I do agree with your post, just wanted to point out that NSA does have a mission to do Information Assurance (defense), not just SIGINT collection (offense). URL is http://www.nsa.gov/ia/index.shtml
Rich – How do we know the NSA has not planted a chip in the back of your brain and they are telling you to write this? When was the last time you had a chip scan done? Anyway, I agree the NSA is in a political dogfight for control over cybersecurity. They are are as good or better than any of the other contenders.