Saturday, February 06, 2016

National Security Agency Plans Major Reorganization

The Washington Post reports National Security Agency plans major reorganization "The National Security Agency, the largest electronic spy agency in the world, is undertaking a major reorganization, merging its offensive and defensive organizations in the hope of making them more adept at facing the digital threats of the 21st century, according to current and former officials."

"In place of the Signals Intelligence and Information Assurance directorates — the organizations that historically have spied on foreign targets and defended classified networks against spying, respectively — the NSA is creating a Directorate of Operations that combines the operational elements of each."

"“When it comes to cyber in particular, the line between collection capabilities and our own vulnerabilities — between the acquisition of signals intelligence and the assurance of our own information — is virtually nonexistent,” said Rep. Adam B. Schiff (Calif.), the ranking Democrat on the House Intelligence Committee. “What is a vulnerability to be patched at home is often a potential collection opportunity abroad and vice versa.”"

Bruce Schneier doesn't think it's a good idea: "I think this will make it even harder to trust the NSA. In my book Data and Goliath, I recommended separating the attack and defense missions of the NSA even further, breaking up the agency. (I also wrote about that idea here.) And missing in their reorg is how US CyberCommmand's offensive and defensive capabilities relate to the NSA's. That seems pretty important, too."

It seems to me that the real problem is that NSA targets use the same systems as we do, and by we I mean our government, industry and civilians. By definition a hole in these systems means we're vulnerable too and fixing that hole removes a spying opportunity. If the offensive unit isn't going to share vulnerabilities then perhaps they should be separate.

No comments: