Archive for the ‘NSA’ Category

Time to End the Dual Hat? – Council on Foreign Relations

Erica D. Borghard is a senior fellow with the New American Engagement Center at the Scowcroft Center for Strategy and Security at the Atlantic Council.

The extraordinary scope and scale of the SolarWinds breach, in which presumptive Russian threat actors gained access to dozens of federal government networks, have reinvigorated outstanding questions about the continued viability of the dual-hat authority structure that governs the National Security Agency (NSA) and U.S. Cyber Command. In the midst of revelations about the SolarWinds breach, it was rumored that the Trump administration would push through an end to one individual sitting at the top of the NSA and Cyber Command in the waning days of the administration. This hasty proposal garnered significant resistance, especially in Congress, and the four legislative commissioners on the U.S. Cyberspace Solarium Commission issued a statement strongly opposing the dual hat split. Yet, this is unlikely to be the end of the debate, and some have argued that, among other things, the NSA's support to Cyber Command's operational requirements could have inadvertently contributed to the intelligence failure of not anticipating or uncovering the SolarWinds incident. However, calls for the immediate separation of the dual hat are premature. The Biden administration should take a deliberate approach that weighs a number of important equities and concerns.

When Cyber Command was created in 2009 under U.S. Strategic Command, it was vested with a leadership structure in which the same individual, a four-star flag or general officer, would simultaneously serve as the director of the NSA with Title 50 authorities and commander of Cyber Command with Title 10 authorities. The decision was likely made for a number of reasons. Cyber Command was a new organization with few resources, including personnel, access, and tools, and NSA could help it develop. There is also a high potential of overlap between military and intelligence operations in cyberspace, and a dual-hatted leader could deconflict and reconcile competing prerogatives and interests across NSA and Cyber Command.

How long the dual hat would last was always uncertain. For instance, in 2016 there were reports that the Director of National Intelligence and Secretary of Defense at the time were recommending its separation. However, in the 2017 National Defense Authorization Act (NDAA), Congress established in law specific conditions to be met (to which the Chairman of the Joint Chiefs of Staff and Secretary of Defense would have to certify) that would enable the dual hat's separation to proceed. The question of separation reemerged in 2018 after Cyber Command was elevated to a unified combatant command and the Cyber Mission Force achieved full operational capability. However, in the 2020 NDAA Congress amended the existing requirements to raise the bar for its split. Of note, Congress added an additional requirement beyond Cyber Command achieving full operational capability, which at that point had already occurred, to include having a demonstrable capability to carry out all of the Defense Department's missions in cyberspace. Congress also strengthened the requirement for Cyber Command to be able to develop its own accesses and capabilities. At this point, there has been no certification to Congress that the conditions specified in law have been met.

Separating NSA and Cyber Command is more of a question of when than if. Since its establishment, Cyber Command has considerably developed in terms of organization, personnel, capabilities, and operational experience. At the same time, with the introduction of the defend forward concept, in which cyber forces maneuver outside of U.S.-controlled cyberspace, the scope of its mission has expanded, as have the demands placed on the NSA for tactical intelligence support to Cyber Command's operations. Given this, the responsibility for both an operational combatant command with a growing mission set, as well as an intelligence agency with critical cryptological and signals intelligence missions, could be optimally performed by two distinct individuals rather than one.

That said, the Biden administration will have significant discretion to shape the timing and sequencing of what is likely an inevitable split of the dual hat. While the law does stipulate six conditions that would need to be met to precipitate the dual hat's separation, Congress did not provide much guidance in terms of metrics corresponding to those conditions. In other words, the type of evidence that would confirm or deny Cyber Command's operational maturity remains underspecified, giving considerable latitude to the executive branch to shape the timing and conditions under which certification would occur.

In evaluating these issues, the Biden administration should take into account three considerations. First, given the implications of the SolarWinds breach, it should immediately conduct a comprehensive review of the SolarWinds intelligence failure, to include assessing the extent to which competing Cyber Command and NSA equities over the prioritization of military versus intelligence missions could have played a role. Second, it should develop measures of effectiveness for Cyber Command that go beyond existing readiness metrics to inform decision-making around the timing of the split. Finally, pursuant to the 1986 Goldwater-Nichols Act, the NSA is designated as a combat support agency to provide intelligence support to military operations. In the context of dual-hatted authorities, this function is inherently integrated into the NSA-Cyber Command structure. Therefore, in assessing the conditions under which to separate the dual hat, the Biden administration should conduct a review of how NSA would function in its combat support agency role when split from Cyber Command and provide recommendations to preserve the continuity and institutionalization of that role.

Taken together, this suggests that, while there are compelling reasons to consider splitting the dual hat, the road ahead should be slow and methodical.

Red Widow CIA Drama Based On Book In Works At Fox With Sarah Condon Producing – Deadline

EXCLUSIVE: Fox has put in development Red Widow, a one-hour CIA thriller based on Alma Katsu's forthcoming book, which Sarah Condon (HBO's Bored to Death, Looking) is executive producing. A search is underway for a writer to pen the adaptation via an open writing assignment.

In Red Widow, the lives of two female CIA agents become intertwined around an internal threat to the Agency's Russia Division as they navigate the mostly male world of intelligence. The novel captures the kind of thorny, manipulative behind-the-scenes machinations that take place inside intelligence headquarters that only a true insider would know.

Author and former NSA/CIA senior intelligence analyst Katsu, whose book Red Widow is set for release March 23 by Putnam, is attached as an executive producer. Fox Entertainment is the studio. The project is not related to the 2013 ABC series Red Widow or the Dutch drama on which it was based.

Katsu spent three decades in intelligence as a senior analyst and in management at CIA and NSA. She has also been a senior analyst at Rand and currently is a consultant to government and private industry on technology forecasting and analytic methods. Her most recent novel, The Deep, is a reimagining of the sinking of Titanic and its sister ship Britannic. She is best known for The Hunger, an award-winning reimagining of the story of the Donner Party with a horror twist. The Hunger made NPR's list of the 100 Best Horror Stories and was named one of the best novels of 2018 by the Observer, Barnes & Noble, and other outlets. The Taker, her debut novel, was named a Top Ten Debut Novel of 2011 by Booklist and has been published in over ten languages. It was the first in an award-winning trilogy that includes The Reckoning and The Descent. Katsu is repped by Angela Cheng Caplan of Cheng Caplan Company, Richard Pine and Eliza Rothstein of Inkwell Management, and attorney Allison Binder of Goodman Genow Schenkman.

Condon most recently served as executive producer on Dare Me, which aired for one season on USA Network. She previously served as an executive producer on all three seasons of HBO's Bored to Death and on both seasons of Looking. She also was an executive producer on HBO's Mrs. Fletcher. Condon is repped by Bob Myman at Myman Greenspan Fox.

Cyr column: Intelligence involves art along with science – HollandSentinel.com

Columns share an author's personal perspective.

"Here is a book you should have, Mr. Director."

With that, Jacqueline Kennedy handed CIA director Allen Dulles a copy of From Russia with Love by Ian Fleming, the latest novel in the series about lethal British agent James Bond. Their 1957 encounter in Palm Beach, Florida, bears on national security, essential by definition.

Effective intelligence gathering and analysis is vital to any nation. The 2020 deaths of actor Sean Connery and author John le Carré add poignancy to this distinctive, complex subject.

Connery was the first James Bond in the durable movie franchise. Le Carré is arguably the most successful, as well as subtle and challenging, among contemporary spy novelists on either side of the Atlantic.

Peter Gross includes Mrs. Kennedy's comment in Gentleman Spy, a comprehensive biography of Dulles. At the time, her husband was emerging as front-runner for the 1960 Democratic presidential nomination.

John F. Kennedy's fondness for Bond novels sparked the durable movie franchise. Hollywood Bond's fetish for high-tech equipment, however, contrasts with Bond of Fleming's novels.

Both Dulles and Fleming served as intelligence officers during World War II, as did le Carré during the Cold War. Anglo-American intelligence cooperation began in World War I and grew close after World War II began.

Agent Fleming recommended in detail the sort of American to head a new office in New York. Dulles fit Fleming's description, and got the job.

Dulles later managed operations in Switzerland, a neutral arena for agents of the Allies and Axis. A vast cast of characters in between encompassed fanatics, fools, fraudsters and geniuses. Electronic surveillance existed, but the working environment and challenges were essentially human.

Dulles handled an overwhelming job skillfully, contributing to ultimate Allied victory, and President Dwight Eisenhower picked him to run the CIA. Then and later, the agency effectively combined human and technological means. The less visible NSA (National Security Agency) favors sophisticated electronic surveillance.

By contrast, the British traditionally and currently place a much higher priority on human intelligence. Arguably, this has been one factor among others in their success in handling varied insurgencies. This observation holds during their long colonial history, and since.

Human intelligence was important in finally achieving the extraordinary peace agreement in Northern Ireland at the turn of the century. Skillful negotiation, where former U.S. Senator George Mitchell (D-Maine) was a leader, was also important.

Modern technology greatly facilitates surveillance. Americans seem more aggressive than British regarding this dimension, a bias that undermines effectiveness.

In 1967, amid public unrest, U.S. Army General William P. Yarborough, Assistant Chief of Staff for Intelligence, initiated illegal domestic surveillance involving Army Intelligence and CIA as well as the NSA. The following decade, public exposure by the U.S. Senate Intelligence Committee led by Senator Frank Church (D-Idaho) ended this. Nonetheless, since the 9/11 attacks, security agencies have renewed broad public surveillance, especially electronically.

From the early 1950s, various investigations and developments revealed five British government professionals were Soviet spies. The U.S. also has had such traitors, including recently Aldrich Ames (CIA) and Robert Hanssen (FBI); both are now serving life sentences.

Late in 2020, Britain left the European Union and the U.S. elected a new president. This provides an opportunity to review frayed cooperation, including the right balance between human and technical intelligence.

Likewise, reasonable balance between civil liberties and national security is inherently challenging, but ultimately essential.

Learn more: John le Carré, Tinker, Tailor, Soldier, Spy, book, film and miniseries.

Arthur I. Cyr is Clausen Distinguished Professor at Carthage College and author of After the Cold War (NYU Press and Macmillan). Contact acyr@carthage.edu.

NSA's cyber directorate marks a year in operation – Federal News Network

Few agencies are more concerned with cybersecurity than the National Security Agency. One might say NSA has cyber in its DNA. Recently the agency's cybersecurity directorate marked a full year of operations. For details on what it's managed to get done, deputy director Dave Luber spoke to Federal Drive with Tom Temin.

Tom Temin: Mr. Luber, good to have you on.

Dave Luber: Tom, great to be here today.

Tom Temin: So first of all tell us roughly in general terms what the Cybersecurity Directorate does for NSA, and I guess you've got a kind of a government wide mission also.

Dave Luber: Well, thanks Tom. Cybersecurity Directorate was formed in 2019, and was created to integrate NSA cybersecurity mission to prevent and eradicate threats to our nation's most sensitive systems and critical infrastructure. The Cybersecurity Directorate integrates NSA threat intelligence, vulnerability analysis, cryptographic knowledge, defensive operations and diverse technical expertise. Our cybersecurity year end review goes into more detail to this work we did towards the mission in 2020. And that's the first year of our full year as a Cybersecurity Directorate.

Tom Temin: Alright. And how many people are involved? Give us a sense of the scope of the activity here. And by the way, are you headquartered at the main NSA location?

Dave Luber: We are headquartered at the NSA main location in Fort Meade. And we have a vast number of folks that are part of our team, and just a great group of folks and professionals.

Tom Temin: And before we get into some of the specific accomplishments listed in the annual report, I just wanted to ask you, you think of the Cybersecurity and Infrastructure Security Agency at Homeland Security, CISA, as being in a similar type of activity. Do you two talk to one another and is there some sort of collaboration or cooperation there?

Dave Luber: Absolutely, in fact, CISA's one of our prime partners, but not the only partner that we have across the US government. And I'll get into a little bit more of that when I talk about some of the activities that we've engaged on collectively together.

Tom Temin: Well, let's get into that annual report that's online. And what do you consider some of the top highlights?

Dave Luber: Well, first off, the top highlights, the Cybersecurity Year in Review was really created to demonstrate the returns on investment that NSA made in the cybersecurity area and for the stakeholders and the American taxpayers. Really, the document is a testament to the skills and resiliency of the NSA people, and the partners across the public and private sectors who worked together throughout the year to protect the US in cyberspace. The Year in Review, we really created this to highlight in an unclassified way the accomplishments that were driven by our tremendous workforce and the partners, and to even provide greater transparency to the audiences as we lean forward in this first year. And I'd be happy to go into some additional details on some of the things that we worked in that report.

Tom Temin: Well, you mentioned that there were 30 actionable cybersecurity products. And tell us more about those. These are things that you coded or programmed? You tell me.

Dave Luber: Really, when I talk about the cybersecurity advisories and products, what I'm really talking about is security guidance, or assessments that we've put together to help our customers in the national security system, national security systems owners, the Department of Defense, the defense industrial base, and many others within government, understand how to configure their systems and understand also the threats that they may see from cyber actors. So whether that's making sure that we protect our nation's vital vaccine and make sure the networks are protected from actors who may try and target vaccine makers, or when we talk about nation states that may want to use public vulnerabilities to gain access to your networks.

Tom Temin: Got it. And here's where maybe the collaboration with CISA would come in, and also maybe the National Institute of Standards and Technologies. They have advisories and guidance and so forth, yours seems to be maybe more oriented toward the intelligence community and DoD, the classified end.

Dave Luber: Both national security systems owners, yes, on the classified end, but also the unclassified end. So just to give you an example, one of the efforts that we put together in one of our products, we issued this jointly between NSA, CISA and partners in the UK and Canada to warn against a particular advanced persistent threat targeting organizations engaged in COVID-19 vaccine research in the US and the UK and Canada. So that joint advisory provided really important indicators of compromise and detection techniques, and actionable mitigations. And as you might imagine, those sorts of advisories then help those in the vaccine process and developing the vaccine to really go and look at their networks, examine those networks and put mitigations in place.

Tom Temin: There's one highlight that's really interesting and that is you supported the DoD's transition to telework and releasing written products and providing commercial solutions for classified capability packages. And this applies to 100,000 people. Tell us more about that one.

Dave Luber: Sure, absolutely. And COVID-19 really made us rethink how we work across government. And just like the rest of the United States, the US government started transitioning many of their employees to working from home. So our experts in the cybersecurity mission rose to the occasion really to support the DoD into the transition of telework, but also enabling more than 100,000 users to telework securely. And as you might imagine, that included everything from releasing the best practices and products to use in a telework environment, as well as how to identify and mitigate compromises to personal home networks as more users begin to use those as part of their official business.

Tom Temin: Yes, because that's a mode of work that's likely to continue at a high level for some time, maybe even after the pandemic.

Dave Luber: Absolutely. So this work continues and we are constantly engaging with many partners across the DoD and other national security systems owners to further refine that guidance and provide additional insights as we learn more about the best ways to operate securely in a telework environment.

Tom Temin: And getting back to the operation warp speed, which you supported again with advisories and so forth, and what to watch out for, did you detect any particular heightened activity other than what goes on normally out there in the wild directed toward that research and toward those companies?

Dave Luber: As I mentioned, NSA provides threat intelligence and cybersecurity advisements. And if we start to see demonstrated activity where advanced persistent threats are targeting organizations, especially those that are important to our national security, such as the vaccine research that was going on, we're absolutely going to get those advisories out and get that information out to those so they can protect their networks. Operation Warp Speed is really a whole government effort led by the Department of Defense and Health and Human Services. We wanted to make sure that that team was poised and charged to produce and deliver safe and effective COVID vaccine capabilities.

Tom Temin: So now all you have to do is get it made and distributed and the country will be better off. And let me ask you this, what are you looking for in 2021 and beyond? You helped secure an election, that's over with, and Operation Warp Speed is mostly done because there is a vaccine. So what comes up next?

Dave Luber: Certainly when you think about what comes up next, we have been working, as you might know, on a number of different activities going on. Our cybersecurity advisories continue to be a very important part of our future and making sure that we can get those insights out to our customers, and to make sure that they have the best guidance possible to secure their networks against very advanced cyber threats.

Tom Temin: Because a lot of agencies including DoD and their statutory requirements to get after security of the supply chain, and then the SolarWinds issue hit which was a supply chain breach, so is supply chain part of what you're looking at in depth coming up?

Dave Luber: Absolutely. This was a cyber espionage operation which was executed at scale and speed with very nuanced tactics and techniques and procedures. The actor targeted private sector technology providers who both serve the government and corporate clients and used that access to gain a foothold into their victims. And then they carefully picked specific victims of interest. So due to the nature of the foreign intelligence and cybersecurity mission, we are out there providing support to both US government entities that have been affected by this activity.

Tom Temin: And one more question, at the website there is an illustration. It looks like a wall chart of the 2020 accomplishments. And it says can you find the hidden message in this graphic, but it's very tiny on a web browser. And no matter what I did, I couldn't get that to enlarge. So how do people get to that wall chart so that they can solve the hidden message in the graphic?

Dave Luber: I believe our wall chart is available on nsa.gov.

Tom Temin: Alright, and someone could download and print it and stick it up and figure it out?

Dave Luber: That's correct.

Tom Temin: Dave Luber is Deputy Director of the Cybersecurity Directorate at the National Security Agency. Thanks so much for joining me.

Dave Luber: Thank you.

Targets of the Solorigate threat actors. Congress asks NSA about backdoors. Cyberspace Solarium’s Transition Book. – The CyberWire

Bloomberg reports speculation that Russian intelligence services may have been especially interested in what they could glean from tech and cybersecurity firms over the course of the SolarWinds supply chain compromise. Insight into defenses and cyber tools would have been particularly valuable.

IT and cyber firms didn't, however, comprise the entire list of private sector targets. Infosecurity Magazine notes that the Sunburst vulnerability has been determined to affect a number of manufacturing companies. Kaspersky CERT found that targeting broke down as follows: "32.4% of all victims were industrial organizations, with manufacturing (18.11% of all victims) by far the most affected." Utilities (3.24%), construction (3.03%), transportation and logistics (2.97%), and oil and gas (1.35%) also figured in the list.

Solorigate has provoked Congressional interest in an earlier incident, a 2015 breach of Juniper Networks servers in which the attackers made small changes to code for the Dual_EC_DRBG encryption algorithm. NIST had promulgated the NSA-developed algorithm as a standard for encryption in 2006. Bloomberg Law reports that two Senators and eight Representatives have signed a letter asking NSA to explain whether it had backdoored the encryption in ways that enabled hostile intelligence services to compromise the software supply chain.

The Cyberspace Solarium Commission has produced a Transition Book for the new US Administration. They recommend three steps for immediate action:
