NSA: Surveillance helped stop 50 attacks
The collections programs leaked by former NSA system administrator Edward Snowden helped the U.S. disrupt more than 50 potential terror attacks, NSA Director Gen. Keith Alexander told lawmakers today. Ten of the cases involved "homeland-based threats," Alexander said in a rare open session of the House Permanent Select Committee on Intelligence.
But don't expect to hear details of those cases.
Alexander said all but four examples discussed publicly by U.S. officials would remain classified. He said saying more about tactics in public would “give our adversaries ways to work around those and attack us or our allies."
Alexander said the intelligence community is still working to finalize the precise number of defused attacks, and that a packet of of information would be delivered tomorrow to the House and Senate intelligence committees.
The hearing gave Alexander and top officials from the FBI, Justice Department and Office of the Director of National Intelligence an opportunity to justify the programs. It was entitled, "How Disclosed NSA Programs Protect Americans, and Why Disclosure Aids Our Adversaries."
Rep. Jan Schakowsky, D-Ill., said she believes the unclassified conversation that played out in the hearing could have been had "up front," meaning long before the Snowden leaks.
Most of the hearing explored the merits of the surveillance programs revealed by Snowden, but Alexander also addressed security. He said NSA would be implementing a "two-person control" system for administrators like Snowden.
That approach is widely used for security in the banking world. "It sounds like what he is talking about is literally requiring two people to be involved in making any type of system configuration change," said Christopher Trautwein, chief information security officer for the International Information Systems Security Certification Consortium, or (ISC)2, which certifies IT workers. "It’s kind of similar to the segregation of duties that would happen in a financial world."
Another way to reduce the risk of leaks would be to cut the number of system administrators. Alexander said that could be done through the community's IT modernization effort. It will include a common operating system across the community. Alexander appeared to call for acceleration of ICITE, the Intelligence Community Information Technology Enterprise.
"If we could jump to that immediately I think that would get us a much more secure environment, and would reduce this set of problems," he said.
ICITE is a troubled program. Roll out of an initial version at two agencies has slipped five months, and the community hasn't established how it will pay for implementing it across all 17 intelligence agencies.
Hearing excerpts >>
Alexander on "Critical leads" >>
“As we stated, these programs are immensely valuable for protecting our nation and securing the security of our allies. In recent years, the information gathered from these programs provided the U.S. government with critical leads to help prevent over 50 terrorist events in more than 20 countries around the world. FAA (Foreign Intelligence Surveillance Act Amendments Act of 2008) 702 contributed in over 90 percent of these cases. At least 10 of these events included homeland-based threats. In the vast majority, business records FISA reporting contributed as well. I would also point out that it is a great partnership with the Department of Homeland Security in those with a domestic nexus."
Alexander on security improvements >>
• "I talked to our technology directorate about the two-person control for system administrators to make any change. We are going to implement that..."
• "...you may recall that the intelligence community looked at a new information technology environment that reduces the number of system administrators. If we could jump to that immediately I think that would get us a much more secure environment, and would reduce this set of problems. It’s something that the DNI is leading and that we’re supporting, as you know across the community. I think that is absolutely vital to get to.
Schakowsky says better to talk "up front" >>
"...we would have been better off at having a discussion of vigorous oversight, the legal framework, et cetera, up front, and how this could prevent perhaps another 9/11, and in fact, 50 or so, attacks."
Alexander says no " rogue operation" >>
“This isn’t some rogue operation that a group of guys up at NSA are running. This is something that has oversight by the committees, the courts, the administration, and a hundred percent auditable process under business records."
It would be interesting to see some definitions of ‘attack’ and ‘defused’. While it is difficult to prove a negative, one really hopes that there will be some rigour about how such terms are being applied. At what point does an irregular activity become a threat? At what point does that threat translate into an attack i.e. how much potential does an ‘attack’ need to carry to be credible/ And how tenuous (or not) is the link between the data collated by the NSA and the defusing of the attack.
I must admit that I am just a little sceptical about the robustness of the whole thing when the NSA is only now looking at implementing a two-person change authority system – that is neither new nor rocket science and a process that one might reasonably expect to permeate all aspects of an agency like the NSA.
I’m all for taking the gloves off to deal to the bad guys but some much of this sounds like corporate goobledegook and political tap-dancing that defence of a real capability…