DOD DNI want cyberwar command split from NSA:
. the same technology used for hacking into computers
can be used for both gathering info (NSA activities)
and for making foreign computers do malicious things
(cyberwar command activities).
. anybody with that technology can do both;
not surprisingly both activities have been headed by
the same director (a military general)
but since Snowden exposed that NSA is spying on its citizens
privacy defenders want NSA headed by senate-selected civilian
rather than a general selected by the military.
Ellen Nakashima September 13 2016
. both NSA and cyberwar command activities
have been headed by the same director;
and Chairman of the Senate Armed Services Committee,
John McCain (R-Ariz) wants to keep it that way;
but Defense Secretary Ashton B. Carter
and Director of National Intelligence James R. Clapper Jr.
want to be in sole control of cyberwar without NSA;
and, they also want to break from tradition
by having a civilian rather than a military officer
be in charge of the NSA.
. the CIA is headed by a civilian not the military
[it does secret military operations;
the non-secret military is headed by a civilian too:
Jason Healey, director of
Cyber Statecraft Initiative at the Atlantic Council:
“We've now created a center of power
that we would never allow in any other area”.
Obama's Presidential Commission 2013(post-Snowden):
LIBERTY AND SECURITY IN A CHANGING WORLD
Report and Recommendations of
The President’s Review Group on Intelligence
and Communications Technologies 2013.12.12:
"With respect to the National Security Agency (NSA),
we believe that the Director should be a Senate-confirmed position,
with civilians eligible to hold that position;
the President should give serious consideration to
making the next Director of NSA a civilian.
NSA should be clearly designated as a
foreign intelligence organization.
Other missions (including that of NSA’s
Information Assurance Directorate)
[antimalware services for classified systems]
should generally be assigned elsewhere.
The head of the military unit, US Cyber Command,
and the Director of NSA should not be a single official."
"The public debate has generally focused on the
counterterrorism rationale for expanded surveillance
since the terrorist attacks of September 11, 2001.
... Going forward, even where a military rationale exists
for information collection and use,
there increasingly will be countervailing reasons
not to see the issue in purely military terms.
The convergence of military and civilian communications
supports our recommendations for greater
civilian control of NSA
as well as a separation of NSA from US Cyber Command."
[. if the NSA should be headed by a civilian
and Cyber Command is a military operation
that obviously should be headed by a military general
how can they be headed by the same person?]
NSA Information Assurance Directorate:
National Security Directive (NSD) 42
authorizes NSA to secure National Security Systems,
which includes systems that handle classified information
or are otherwise critical to military or intelligence activities.
IA has a pivotal leadership role in performing this responsibility,
and partners with government, industry, and academia
to execute the IA mission.
Now that cyberspace is the primary arena in which we
protect information, we are working toward shaping
an agile and secure operational cyber environment
where we can successfully outmaneuver any adversary.
A key step in building Confidence in Cyberspace
is a willingness to offer what we know.
Please visit our site at www.iad.gov
to learn more about our unique experiences and capabilities.
. they have some opensource software.
Vulnerabilities Equities Process:
. the policy that lets NSA and FBI
decide whether to announce software flaws
to vendors for patching.
. exploitation of the software flaws,
known as zero-day vulnerabilities
is essential for both offensive and
law enforcement-related activities,
as well as counterterrorism efforts.
. such a process gives you the impression
that NSA is simply using bugs they find;
certainly what is more likely is that
they are coercing makers of software, firmware
and even hardware,
to insert bugs they need for cyberwar.