Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Why the NSA should be considered a hostile agency

Rob Enderle | Aug. 22, 2016
When an agency with security in its name chooses to exploit a security exposure rather than fix it, we have a problem, writes columnist Rob Enderle.

nsa hoodie

This last week we had yet another NSA event. This time it was the leak of advanced tools that could be used to exploit unreported defects in networking gear from U.S. manufacturers. This seems to further enforce a position by a variety of U.S. agencies to focus on breaking into things rather than help secure them. However, given that these break-ins are largely illegal and this practice appears to be doing massive damage to the technology market, not to mention exposing our firms to attack by a variety of nasty players, shouldn’t these agencies be reclassified as hostile?

I think the current mindset of these government agencies is foolish and puts not only our firms and customers at risk, but the nation itself. Let me explain.

Arrogance

At the core of this appears to be an incredible arrogance that product defects can be discovered only by the NSA. There is nothing I’ve seen that suggests the NSA is substantially more capable than the collective efforts of large hostile or friendly governments, large criminal organizations, or a variety of technology schools -- both domestic and abroad.  

This suggests that if the NSA can create tools to exploit these defects so can those who are hostile to the U.S. and it is arrogant to believe otherwise. Of course, even if that wasn’t true, these constant leaks point like neon signs to this approach making it far more likely someone will do the U.S. harm as a result.

Tactical thinking

I think much of this is due to tactical thinking where someone trades off an easier path to do their job for the larger strategic problem of critically damaging the U.S. technology industry and opening the nation to attack.

Let’s use Lockheed as an example. Let’s assume a government agency discovered a problem with Lockheed’s avionics package where a signal could be sent that would cause Lockheed planes to crash, but they kept this secret in case the U.S. were attacked by these planes so they could push a button and stop the attack. But given the U.S. uses more of these planes than anyone else, this defect would wipe out much of the U.S.’s airpower so it would be incredibly stupid not to report it to Lockheed so it could be fixed. This would be doubly true if it became known that the U.S. had this power because foreign governments would stop buying Lockheed jets.

We are already highly networked and are aggressively moving to everything from autonomous cars to smart cities that all rely heavily on U.S. sourced technology to keep them running and the folks that use them safe. Leaving a defect unreported in the hope it could be used for illegal spying in exchange for the potential to bring the nation to its knees would seem to be a stupid tradeoff. In addition, it also appears to be the one that the nation is making, including the part where it is killing sales of U.S. technology products.  

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.