It appears that the NSA’s plan to protect the US against cyber-warfare will be shot down in the near future. According to The New York Times, officials inside the Obama administration say that the plan comes too soon after the NSA’s disclosures about its surveillance programs to be implemented. The plan would have essentially been a “cyber-Star Wars” program designed to detect and intercept cyber-attacks before they could take down power grids or financial institutions. But given the amount of public outcry about the NSA’s PRISM program, it’ll be a while before we get to see if it would work (if it ever gets approved at all).
There may be good reasons to block the NSA’s plan, at least in the eyes of some. A senior official inside the NSA admitted that the cyber-warfare defense plan would have used the same type of strategy used in the PRISM program. The system would have intercepted incoming files and searched them for malware programs (programs used for stealing information) much like the PRISM program involved collecting phone records and combing them for terrorist communications. The official stated, “Whatever trust was there is now gone. I mean, who would believe the NSA when it insists it is blocking Chinese attacks but not using the same technology to read your e-mail?” The big difference is that the NSA still needed a warrant to actually access the collected files under the PRISM program. Under the cyber-defense plan, the NSA would have needed the ability to act immediately without a court order if it detected a cyber-attack. Otherwise the program would be useless since malware can cause instant damage to our infrastructure.
But therein lies the difference between the PRISM program and the NSA’s new strategy against cyber-warfare. Most terrorist attacks are planned months, sometimes years in advance and often leave some sort of paper trail to follow. Obviously this is not always the case and we can’t always pick up on physical attacks, but the point is that we have more of a chance to pick up on these than we do with cyber-warfare. Where a physical attack would probably take coordination between multiple people or terrorist cells in addition to finances, a cyber-attack could take one person sitting behind a computer to wreak havoc across the US. The NSA’s own exercises show that a few highly motivated people can infiltrate networks set up by our best and brightest students at some of our most prestigious universities.
What I’m proposing is that we take a step back and look at the differences between the PRISM program and the NSA’s plan to thwart cyber-terrorism. It sounds like this proposal has already been shot down, but it’s certain as technology continues to develop that a similar plan will be presented to Congress down the road. It’s hard to trust the NSA. I’ve said from the beginning of this saga that we value our privacy and don’t like the idea of the government collecting our data. I get that. But I’m guessing plenty of people would change their tune about the NSA if a cyber-attack took down our power grids and banks. All I’m saying is let’s not get so anti-NSA that we forget the importance of defense. We can’t afford to let our guard down completely.
Chris Whitten, Research Fellow
Center for Policy and Research