NSA chief seeks more data from private sector in sharing offer

Gen. Keith Alexander, head of the embattled National Security Agency (NSA), says he is willing to share cyberattack information with the private sector -- an offer seen as a Trojan horse by at least one expert.

On Wednesday, Alexander told attendees of his keynote at the Billington Cybersecurity Summit that the NSA, the FBI, the Department of Homeland Security (DHS) and the CIA are ready to pass information back and forth with a select group of private organizations, provided they get the authorization from Congress.

"We need the authority for us to share with them and them to share with us," Alexander said, according to Kaspersky Labs' ThreatPost security website.

Alexander's comments came a day after U.S. Sen. Dianne Feinstein, chairwoman of the Senate Intelligence Committee, told The Hill newspaper that she planned to move forward with a draft of the Senate's version of the Cyber Intelligence Sharing and Protection Act (CISPA). The House version passed in April.

In general, CISPA would remove the threat of privacy lawsuits companies face in sharing cyberattack data with each other and the government. The legislation would also set the rules for the government to share sensitive information.

Most experts agree that information sharing would bolster the defenses of the nation's financial institutions and critical infrastructure providers, such as utilities, water facilities and oil and gas pipelines. The disagreement is over how the transfer of data to the government can be done without compromising privacy.

Revelations of massive NSA data gathering from telecom and Internet companies have sparked a fierce national debate on whether the spy agency's antiterrorism activities have gone too far in collecting information on innocent Americans.

In claiming the NSA has done nothing illegal, Alexander blamed calls from Capitol Hill to restrict government surveillance on "sensationalized" reporting and "media leaks," Politico reported from his speech.

Instead of less information, the NSA needs more from the private sector to stop cyberattacks against key industries before they start. "Right now, what happens is the attack goes on and we're brought in after the fact," ThreatPost reports Alexander as saying. "And I can guarantee you 100 percent of the time we cannot stop an attack after the fact."

However, Jerry Brito, senior research fellow with the Mercatus Center at George Mason University, said the NSA already had the authority to share data if it really wanted to. The agency could declassify information on its own and pass it along to companies.

"There's nothing stopping them today from sharing data from the NSA to these companies," said Brito, who heads Mercatus' Technology Policy Program. "What they really want is more information about the communications of Americans under the rubric of cybersecurity information sharing."

Kevin Coleman, strategic management consultant at SilverRhino, was supportive of Alexander, saying information from the NSA and other federal agencies would help companies take the "proactive approach" needed to improve their cyberdefenses.

"This is a great step forward and if properly used by the nation's critical infrastructure providers will substantially improve their ability to defend against cyber threats that are growing in frequency and complexity," Coleman said. SilverRhino provides cybersecurity services to government agencies.

Alexander defended U.S. Internet companies including Google, Facebook and Microsoft, whose images have been tainted by media reports of them sharing user information with the NSA. While referring to the companies only as the "industry," he said they "have taken a beating on this, and it's wrong."

Stories by Antone Gonsalves