NSA May Be 'Traffic Cop' for U.S. Networks

Mon Feb 14 19:28:46 EST 2005

<http://www.kansascity.com/mld/kansascity/news/politics/10898954.htm?template=contentModules/printstory.jsp>

Posted on Mon, Feb. 14, 2005

TED BRIDIS
Associated Press

WASHINGTON - The Bush administration is considering making the National
Security Agency - famous for eavesdropping and code breaking - its "traffic
cop" for ambitious plans to share homeland security information across
government computer networks, a senior NSA official says.

Such a decision would expand NSA's responsibility to help defend the
complex network of data pipelines carrying warnings and other sensitive
information. It would also require significantly more money for the
ultra-secret spy agency.

The NSA's director for information assurance, Daniel G. Wolf, was expected
to outline his agency's potential role during a speech Wednesday at the RSA
technology conference in San Francisco. In an interview preceding his
speech, Wolf told The Associated Press that computer networks at U.S.
organizations are like medieval castles, each protected by different-size
walls and moats.

As the U.S. government moves increasingly to share sensitive security
information across agencies, weaknesses inside one department can become
opportunities for outsiders to penetrate the entire system, Wolf warned.
Attackers could steal sensitive information or deliberately spread false
information.

"If someone isn't working on being a traffic cop, giving guidance on how
secure they need to be, a risk that is taken by one castle is really shared
by other castles," Wolf said. "Who's defining the standards? Who says how
high the walls should be?"

The NSA already helps protect systems deemed vital to the nation's
security, such as those involved in intelligence, cryptography and weapons.
Wolf said the administration is considering whether to designate its
fledgling information-sharing efforts also under the NSA's purview.

The White House Office of Management and Budget currently directs efforts
by civilian agencies to secure their computer networks.

The NSA's information security programs are highly regarded among experts.
"Bring it on. This clearly ought to be done," said Paul Kurtz, a former
White House cybersecurity adviser and head of the Washington-based Cyber
Security Industry Alliance, a trade group. "This will raise the bar across
the federal government to a far more secure infrastructure."

Congress has directed the NSA and the Department of Homeland Security to
study the architecture and policies of computers for sharing sensitive
homeland security information.

In the latest blueprint for U.S. intelligence spending, lawmakers warned
that attackers always search for weak links and that connecting distant
systems "will further increase the vulnerability of networks that
originally were developed to be susbstantially isolated from one another."

It's unclear how the NSA's efforts would affect private companies, which
own and operate many of the electrical, water, banking and other systems
vital to government. Wolf said the agency already works to secure such
systems important to military installations, but he denied that NSA would
have any new regulatory authority over private computers.

"When we talk about being the traffic cop, we're not in charge of these
networks," Wolf said. "We're not running these networks."

It also was unclear how much the effort might cost.

"If you're going to have a network that everyone in government can get
into, that means some agencies are going to have to come up to meet new,
higher standards, and that's expensive," said James Lewis, director of
technology policy at the Center for Strategic and International Studies, a
conservative think-tank.

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com