CybersecuritySnowden’ leaks derailed important cybersecurity initiatives
Edward Snowden’s leaks created such a climate of distrust around the NSA that many important cybersecurity initiatives died, stalled, or became non-starters. Security experts say that this is a case of throwing the baby out with the bathwater, and that the result of these stalled cybersecurity initiatives is that the United States is now more vulnerable to cyberattacks on its infrastructure, and government agencies and American corporations more exposed to sensitive information being compromised and stolen. U.S. officials have found it more difficult to respond to cyberattacks from Russia, China, and elsewhere. “All the things [the NSA] wanted to do are now radioactive, even though they were good ideas,” says James Lewis, a cybersecurity expert at the Center for Strategic and International Studies(CSIS).
Before former National Security Agency(NSA) contractor Edward Snowden leaked classified documents on agency surveillance operations, NSA director, General Keith Alexander, was preparing to present to Congress and the public his proposal for the NSA to defend America’s private computer networks against cyberattacks. The proposal called for the NSA to scan Internet traffic for malicious software code without accessing consumers’ e-mails or digital content.
The NSA is tasked with defending military and other national security computer networks. Alexander wanted the authority to prevent hackers from accessing and stealing intellectual property from American banks, defense contractors, telecommunications systems, and other critical institutions.
Alexander’s proposal, however, became a victim of Snowden’s leaks. The Los Angeles Times reports that Snowden’s disclosures made it impossible for Alexander to pursue his initiative because he disclosures created a climate of distrust around the NSA. Alexander’s proposal was only one of several Obama administration initiatives held back by the Snowden leaks.
Security experts say that this is a case of throwing the baby out with the bathwater. The result of these stalled cybersecurity initiatives is that the United States is now more vulnerable to cyberattacks on its infrastructure, and government agencies and American corporations more exposed to sensitive information being compromised and stolen. U.S. officials have found it more difficult to respond to cyberattacks from Russia, China, and elsewhere, and American intelligence agencies now consider cyberattacks as a greater threat to national security than terrorism.
“All the things [the NSA] wanted to do are now radioactive, even though they were good ideas,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies(CSIS).
Later this year the Obama administration will release voluntary guidelines that critical infrastructure firms should apply to their cybersecurity policies. In an effort to maintain cybersecurity relations with other nations, the State Department’s cyber coordinator, Christopher Painter, has reached agreements with Russia to smooth communications regarding cyber issues. President Obama’s warnings to Chinese president Xi Jinping to cease state-sponsored hacking of American corporations, however, have not been effective.
The U.S. position that governments hacking other governments for military and other official secrets is permissible, but governments hacking corporations for trade secrets is not permissible, will be hard to sell to other countries. Leaked documents reveal that the NSA conducted surveillance programs on Brazil’s energy corporation Petrobras, among other companies. Though the U.S. government insists that governments should not spy on businesses, “the rest of the world ignores us because the U.S. position has no basis in international law, it is obviously self-serving, and it seems trite in the context of its massive surveillance in other contexts,” Harvard law professor Jack Goldsmith, a former legal advisor to President George W. Bush, told the Times.
CrowdStrike, a security technology and services firm recently identified a Russian campaign to steal data from hundreds of American, European, and Asian companies. CrowdStrike did not release the companies’ names citing confidentiality agreements.
Many American companies rely on an open information flow via the Internet, but do little to protect their digital infrastructure. The Federal Bureau of Investigation (FBI), NSA, and Department of Homeland Security (DHS) are barred by law from sharing malware signatures, obtained from classified systems, with the public. The Obama administration’s effort to legalize such sharing of information in the Cyber Intelligence Sharing and Protection Act, has stalled in Congress owing to concerns that telecommunication and technology companies would provide consumer data to the NSA, as the Snowden leaked documents revealed.
DHS’ operation Einstein monitors Internet traffic to identify attacks on government networks. General Alexander hoped to implement a similar program for the World Wide Web, but that effort, too, has been derailed by Snowden’s leaks.
Snowden “has slowed everything down,” Representative Mike Pompeo (R-Kansas), who serves on the House Intelligence Committee, told the Times.