On Wednesday, January 19th, President Biden has expanded on the NSA’s (National Security Agency) responsibilities and scope in protecting the US government’s computer networks.
National Security Agency headquarters in Fort Meade, Md. The NSA has sought to expand its cybersecurity mission.
PHOTO: SAIT SERKAN GURBUZ/REUTERS
To those who unfamiliar with the NSA, the NSA is a national security agency of the U.S. Department of Defence that is responsible for information monitoring & processing for global threats, the handling & collection of domestic and foreign intelligence through interception, encryption, and decryption, and in turn is tasked with the protection of U.S. information systems & communication networks.
With this memorandum signed by President Biden, the NSA is now able to require all operators of national security systems such as the FBI, CIA, US Department of Defense and other US intelligence agencies to all implement baseline cybersecurity practices. Such practices include two-factor authentication and standard use of encryption. Effectively, all US national security agencies now have to be aligned in basic cyber security standards.
In addition, all cyber incidents that involve any U.S. agency that deals with “security” will now have to be reported to the NSA, which would further aid the U.S. government in identifying and mitigating cybersecurity threats across all national security systems among all of its branches. This will in turn require all US defence and intelligence agencies to secure any tools used to share data amounts amongst other whether if it is classified or not.
Historically, the U.S. government has been plagued by cyber attacks from other foreign powers such as China & Russia and tensions have only grown over the years. With this new mandate, the NSA is effectively now held responsible to ensure that all US agencies dealing with national defence are held up to an acceptable standard.
The U.S. has multiple areas of expertise where they may hold a technological advantage over other nations, one example would be military technologies. However with multiple cyber security breaches by China & Russia over the years, the it has been repeatedly proven that the U.S. is vulnerable cyberattacks by foreign actors. One example of a cybersecurity breach was the theft of data related to the F-35 program, which China used to develop their own indigenous stealth fighter, the J-20 & J-31.
With current political tensions, the U.S. now seeks to augment its cybersecurity practices, especially in regards to having a baseline minimum for all departments dealing with sensitive information to follow, and is effectively granting the NSA more responsibility and power by holding the NSA accountable to make sure that all agencies follow the same cyber security practices. From a perspective of national defence, this memorandum makes sense as it looks to align basic cybersecurity practices among all US security departments. However, it looks like the NSA has even more power and legal oversight on how they can collect information by having all security departments report to them. My question to everyone is if this should this be something of concern to everyday citizens? Or does national security take precedence by allowing the NSA, a U.S. department notorious on spying on its citizens greater power?
Sources:
https://www.nsa.gov/about/mission/index.shtml
https://www.19fortyfive.com/2021/07/how-china-stole-the-designs-for-the-f-35-stealth-fighter/
It’s always scary when the federal government undergoes an expansion of power in the name of national security. After all, governments have been abusing these powers for all of written history, and even a person earnestly trying to help could end up doing wrong, or opening the pathway to wrongdoing. However, its worth noting that in this case, at least based on what was written, I don’t know that there’s much to be afraid of (on the surface).
There doesn’t appear to be an expansion of surveillance, or a centralizing of data collection in general. Rather, it appears that the US government is holding their government agencies to higher cybersecurity standards to protect form foreign invasion. I can see how this could be done without compromising the privacy of citizens, and in some ways would actually strengthen it; After all, the only thing worse than my government collecting my data without permission is a foreign government who cares nothing for me (or my nation) doing so.
Obviously this is something to be concerned about, and privacy is a right which requires vigilant protection, but I don’t see much wrong with this. Cyberattacks are a serious threat, and I don’t see the downside to making sure government agencies use the best security practices possible. After all, we at the U of C are required to use two-factor authentication, why shouldn’t the FBI be doing that at a minimum?
This is certainly an important matter in today’s environment. Not only are we in a pandemic, where technology has become far more important, but the re-emergence of great power politics between Russia, China, and the US has made cyber security an important matter. How this impacts the average American citizen is one concern to be had as another ‘Edward Snowden’ controversy would show how far Washington has allowed the NSA to expand their practices. But given last week’s cyberattack directed toward Ukraine’s government and critical infrastructure by the Russians, such precautions may be warranted in this day and age. After all, today’s climate is more occupied by great power rivalry, and not international terrorism as was the case for the last two decades.
Cyber security is one of the largest rising concerns in the modern age, especially with the built up tension between the superpowers (that you mentioned). My question is, most of the people (especially in the US) that form the government, such as Senators,law makers,judges etc. All share an average age of 57.6 Years! Do you think that a 57 year old person understands the internet and it’s related vulnerabilities?
I would argue that the average teenager knows more about the internet than some of those sitting in congress, this makes it extremely difficult to create laws and regulations regarding a subject when your understanding of it is limited.
I really enjoyed the article, well done!
Seeing that tensions are rising between the US and rival nations like Russia, I agree that it is more important now than ever to implement these security measures. Countless times we have seen infiltrators take advantage of the United States’ outdated security infrastructure like in the Solarwinds attack which resulted in data breaches of more than 100 companies. Maintaining the integrity of these US agencies (ex. FBI, CIA etc.) is significant as they harbour heaps of confidential information.
Further, while I was researching my blog topic about Zero-trust security, I read that the white house is rolling out changes that complement the security strategies outlined in your post. For example, the US aims to use Zero-trust to bolster network architecture by implementing multi-factor authentication, least privileged authorization, network segmentation, and much more. I urge you to check out this post if you seek further information: https://www.zdnet.com/article/white-house-rolls-out-zero-trust-strategy-for-federal-agencies/
Overall, excellent post!
Thanks for bringing this topic up as I think this is quite an interesting subject to delve into. The US government and its constituent federal agencies hold a lot of power and I believe most people of my generation got aware of the NSA and its capabilities in particular after the whistle-blower incident regarding Edward Snowden where he shed light on the patriot act and how this law is used to justify the NSA to intrude into everyone’s life via their devices. The government’s efforts to create stricter protocols are not surprising given how in recent years there were incidents where Russian hackers had compromised several federal agencies via cyber attacks. The threat of Russian and Chinese cybercrimes has been an ongoing nuisance for the US government for the past few years. The severity of the situation had probably reached its peak when it was speculated that even the US presidential election of 2016 had been meddled with. These attacks are not only restricted to federal agencies, even private networks have been victims of such aggressions, for example, last year’s colonial pipeline hack which created fuel shortages on the East Coast of the USA. Warfare is not the same anymore in this day and age and an entire country’s infrastructure can be decapitated by just a few people and computers from thousands of miles away so no wonder President Biden is taking such measures.
I really appreciate your effort to bring up this conversation with such a great post.
This is one of the most risky move, because within the govenrment , not all have good intentions, most government hacks start from within, and most of the cyber hacks, come from the one’s who have full access around the whole system of the government.
This was an interesting post. I also read that United States Small Business Administration (SBA) has also launched a program to help country’s emerging small businesses to improve their cybersecurity infrastructure. But this also brings to notice that the number of cyber attacks are increasing day by day. But I think that the government are giving importance to cybersecurity and are seeing it as a national threat.
Great post! I wonder why this wasn’t done earlier, because this seems like good idea in theory, since this would ensure all other government agencies are secure, and they are less susceptible to cyber attacks. But I guess we would see in the long run if it actually is a good idea.