NSA May Be 'Traffic Cop' for U.S. Networks

[David Farber <dave () farber net>]

February 14, 2005

NSA May Be 'Traffic Cop' for U.S. Networks
By THE ASSOCIATED PRESS
 

Filed at 6:58 p.m. ET

WASHINGTON (AP) -- The Bush administration is considering making the
National Security Agency -- famous for eavesdropping and code breaking --
its ``traffic cop'' for ambitious plans to share homeland security
information across government computer networks, a senior NSA official says.

Such a decision would expand NSA's responsibility to help defend the complex
network of data pipelines carrying warnings and other sensitive information.
It would also require significantly more money for the ultra-secret spy
agency.

The NSA's director for information assurance, Daniel G. Wolf, was expected
to outline his agency's potential role during a speech Wednesday at the RSA
technology conference in San Francisco. In an interview preceding his
speech, Wolf told The Associated Press that computer networks at U.S.
organizations are like medieval castles, each protected by different-size
walls and moats.

As the U.S. government moves increasingly to share sensitive security
information across agencies, weaknesses inside one department can become
opportunities for outsiders to penetrate the entire system, Wolf warned.
Attackers could steal sensitive information or deliberately spread false
information.

``If someone isn't working on being a traffic cop, giving guidance on how
secure they need to be, a risk that is taken by one castle is really shared
by other castles,'' Wolf said. ``Who's defining the standards? Who says how
high the walls should be?''

The NSA already helps protect systems deemed vital to the nation's security,
such as those involved in intelligence, cryptography and weapons. Wolf said
the administration is considering whether to designate its fledgling
information-sharing efforts also under the NSA's purview.

The White House Office of Management and Budget currently directs efforts by
civilian agencies to secure their computer networks.

The NSA's information security programs are highly regarded among experts.
``Bring it on. This clearly ought to be done,'' said Paul Kurtz, a former
White House cybersecurity adviser and head of the Washington-based Cyber
Security Industry Alliance, a trade group. ``This will raise the bar across
the federal government to a far more secure infrastructure.''

Congress has directed the NSA and the Department of Homeland Security to
study the architecture and policies of computers for sharing sensitive
homeland security information.

In the latest blueprint for U.S. intelligence spending, lawmakers warned
that attackers always search for weak links and that connecting distant
systems ``will further increase the vulnerability of networks that
originally were developed to be susbstantially isolated from one another.''

It's unclear how the NSA's efforts would affect private companies, which own
and operate many of the electrical, water, banking and other systems vital
to government. Wolf said the agency already works to secure such systems
important to military installations, but he denied that NSA would have any
new regulatory authority over private computers.

``When we talk about being the traffic cop, we're not in charge of these
networks,'' Wolf said. ``We're not running these networks.''

It also was unclear how much the effort might cost.

``If you're going to have a network that everyone in government can get
into, that means some agencies are going to have to come up to meet new,
higher standards, and that's expensive,'' said James Lewis, director of
technology policy at the Center for Strategic and International Studies, a
conservative think-tank.


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/