NSA wants even closer partnership with tech industry

New York, N.Y. -- The National Security Agency's director of information assurance today said the "way to achieve confidence in cyberspace" is to increase collaboration between the government and the high-tech industry -- remarks that rang ironic given former NSA contractor Edward Snowden's revelations about how NSA works with industry.

NSA documents leaked by Snowden showed that the NSA's goal is to build backdoors into commercial products and weaken encryption to make it easier for surveillance, allegations that the U.S. government has not even tried to refute. When asked about that today, NSA director of information assurance Debora Plunkett, who gave the keynote address at the New York Institute of Technology Cyber Security Conference here, flatly refused to discuss the topic. But her keynote address was intended to get hardware and software vendors to work in ever-closer partnership with the NSA.

Cyberattacks that could take electricity grids offline and disrupt transportation systems are possible, Plunkett said in her keynote, pointing out the destructive attack that hit Saudi Aramco last year and impacted data systems there.

[RELATED:Reported NSA actions raise serious questions about tech industry partnerships

MORE:Black Hat: Top 20 hack-attack tools]

It's a simple matter to hire hacking services to carry out attacks such as denial-of-service, she said, and the fear now is of "integrity attacks" that would destroy or alter critical data. These are all "cyber security challenges," she noted, and the government today is largely dependent on commercial hardware and software for which the NSA itself cannot "provide indemnification." NSA's needs industry's help, she said.

Plunkett said "we have to have a community come together" to collaborate on security in mobility and the cloud especially. The NSA expects that the future of network security lies in "more automated cyber defense" based on "large-scale automation" that would reduce the need for manpower where there would be more real-time sharing of findings. She said there's a need for collaboration with ISPs and hardware companies to achieve all of this. "We have to build a close partnership," she said, adding, there can be "confidence in cyberspace" if "we stay the course."

Plunkett is a 29-year veteran of the NSA who worked her way up through the ranks to have a hand in guiding strategic direction for the agency, which carries out surveillance to help defend the country against cyberthreats.

But NSA documents recently leaked by Snowden show that the NSA views its partnership with industry in part as a way to subvert security in commercial products and services to make cyber-spying easier. This revelation casts NSA's call for industry partnership and its insistence that there can be "confidence in cyberspace" in a questionable light.

There were other presentations made at the Cyber Security Conference today that suggested how cyberattacks are disrupting U.S. businesses.

Andre McGregor, FBI special agent at the New York Cyber Branch, said he has been involved in countless investigations related to cyber intrusions at both large and small companies. He said it sometimes surprised him to find that even at the largest companies, there was inadequate use of the security defense based on the technology acquired for that very purpose.

When attackers steal the most important network credentials to a network, they basically own it, and "it's their network, they're just letting you use it," McGregor said.

The FBI has had notable successes, such as bringing down the part of the Anonymous group led by the hacker known as Sabu, McGregor said. He added that Sabu was one of the smartest people he's ever seen in terms of technology. He said he wished this kind of intelligence would be better put to use to protect networks.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags National Security AgencysecuritynsaSaudi AramcoAramcoWide Area Network

More about FBIIDGNational Security AgencyNSATechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ellen Messmer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts