The “surveillance state reform” crowd is in the doldrums, now that their wonder-boy Edward Snowden is in Russia for the long-haul, under Putin’s watchful eye, and it’s been painfully evident for months that major reforms of the National Security Agency are politically stillborn, indeed they were killed off by Snowden and his traitorous antics, which left a bad taste in the mouths of normal Americans.
This doesn’t prevent the occasional outburst from the NSA-hating contingent, usually of a very misinformed kind, and today we have a new, rather silly example. I give you “The Real Lesson of Recent Cyberattacks: Let’s Break Up the NSA,” which advocates dismantling the Agency, which has two big components: the Signals Intelligence Directorate (SID) and the Information Assurance Directorate (IAD). The former conducts electronic espionage against foreigners, while the latter protects sensitive U.S. defense and intelligence networks from foreigners reading our classified mail.
The author cites several recent cyberattacks on “the White House, the Postal Service, and the National Weather Service,” all of which have received press attention, and rightly so. Then there’s the very serious cyberattack on the State Department, which led to the unprecedented shutdown of State’s unclassified email system a few days ago. It’s clear the U.S. Government is having problems protecting its less-sensitive information systems from foreign cyber intrusions, and worse.
Yet in a bout of snark, the author adds as “wise” commentary:
If only there was a federal agency dedicated to protecting federal information systems and critical U.S. infrastructure from criminals and foreign attackers. Oh, wait—there is. It’s the National Security Agency. And to all appearances, it’s botched the job so badly you’d think it wasn’t really trying in the first place.
“Maybe it wasn’t,” he adds, veering off into uninformed speculation about how SID and IAD are in cahoots to violate everyone’s privacy while letting Beijing read our mail…or something. The author has so little idea of how NSA actually functions that his argument is difficult to explain in any lucid fashion.
But the core problem is that the author’s central rant is entirely wrong. If he had bothered to read the IAD mission statement, which is linked in his own piece, it states the following;
IAD protects and defends National Security Information and Information Systems. In accordance with National Security Directive 42, National Security Systems are defined as systems that handle classified information or information otherwise critical to military or intelligence activities.
Got that? In other words, NSA is not responsible for security of the unclassified systems at the White House or the State Department, which were recently compromised according to press reports, and NSA has literally nothing to do with protecting unclassified information systems at the Post Office or the National Weather Service. Nice try to pin that on NSA, it just happens to be entirely wrong.
The author does not tell you that those Federal departments and agencies are responsible for their own cybersecurity on unclassified information systems. Even inside the Department of Defense, less sensitive systems are handled by the Defense Information Systems Agency, not NSA, another important fact which the author fails to disclose. NSA’s IAD is charged with protecting the security and integrity of Top Secret (plus) computer and communications systems that impact military and intelligence matters….and that’s it.
There’s a case to be made that SID and IAD should be separated, though they have resided together since NSA’s creation in 1952. Despite the fact that there is some mission overlap between them, SID and IAD are headquartered at different locations and there’s not a great deal of personnel exchange between the directorates, not to mention that SID is far larger than IAD in terms of both budget and personnel.
That said, marrying SIGINT and Information Assurance in a single agency makes more sense than, say, the marriage of finished national-level intelligence analysis and national-level human intelligence at CIA, in the Directorate of Intelligence and the National Clandestine Service, respectively — a union that is an accident of history and is not replicated in most Western intelligence communities.
If you want to separate SID and IAD to weaken NSA, that’s fine, just say that. There is no case for that divorce, however, that can be made on the basis of factually incorrect arguments such as we have here. It would be wise for authors to have a sense of what NSA actually does — which is not hard to find online — before they pontificate about how the Agency does everything wrong.