NSA director says U.S. has a ‘blind spot’ for detecting attacks like SolarWinds, Microsoft Exchange
The top official at the U.S. National Security Agency and U.S. Cyber Command told lawmakers on Thursday that the common failing with recent high-profile cyber attacks boils down to U.S. government agencies having a gap in visibility of foreign hackers using domestic infrastructure to launch attacks.
At a hearing held by the U.S. Senate Committee on Armed Services, General Paul Nakasone repeatedly emphasized that nation-state adversaries are aware of this gap and are actively exploiting it, in part because it allows them to better evade the eye of intelligence agencies like the NSA that are focused on activity conducted outside the U.S.
“We have to be able to see what’s happening… [our adversaries] are no longer just launching their attacks from different parts of the world,” said Gen. Nakasone. “They understand that they can use our infrastructure and there’s a blind spot for us.”
Although Gen. Nakasone raised this point throughout the two-hour hearing—“It’s not the fact that we can’t connect the dots, [it’s that] we can’t see all the dots”; “We truly need to look at the ability for us to see ourselves”; “We have to understand our adversaries better… Part of that is being able to see our adversaries”—he stopped short of asking lawmakers for increased authority to track foreign adversaries that co-opt domestic infrastructure.
At one point in the hearing, he raised the Fourth Amendment, which restricts unreasonable searches and seizures, as a “challenge” that lawmakers would need to confront when deciding how to address the visibility gap. He also emphasized that it’s not necessarily the NSA or Cyber Command that needs to have these authorities.
Several policymakers and cybersecurity experts in recent months have raised the prospect of giving these responsibilities to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. The top Republican on the House Homeland Security Committee said at a conference last week that the agency should play the role of the federal “quarterback” on cybersecurity issues, and floated the idea of Congress doubling its budget. But that would require a major restructuring of the two-and-a-half-year-old agency, which mainly serves in an advisory role.
Another possibility raised by Gen. Nakasone is that new laws, such as improved information sharing policies or requirements that internet infrastructure companies know who their customers are, could help government agencies gain visibility into this issue without requiring increased surveillance capabilities. “These attacks took place within the U.S. and there are right now barriers and disincentives for the private sector to share information with the government,” he said. “We have a difficulty as a government understanding the totality of the intrusion.”
Gen. Nakasone also hinted that the Biden administration is currently “addressing” the gap—which could be a reference to anticipated cybersecurity executive orders—but didn’t give additional details.
Elections, influence campaigns, student loans
Although most of the hearing centered on recent attacks including SolarWinds and Microsoft Exchange, Gen. Nakasone also provided details on a few other areas:
- U.S. Cyber Command conducted more than two dozen operations aimed at preventing foreign threats before they impacted or influenced the 2020 elections. Gen. Nakasone said decisions made around the 2018 midterm elections changed Cyber Command’s posture from “a static to active force.”
- China and other foreign powers are increasingly engaging in influence operations, which Gen. Nakasone called “one of the most important areas we are undertaking” at Cyber Command and the NSA.
- Senator Angus King, an independent from Maine, asked Gen. Nakasone if it would help recruitment and retention efforts if NSA and Cyber Command could forgive student loans. “That’s one mechanism that is very attractive to our workforce,” Gen. Nakasone said.