By William Jackson
http://gcn.com/articles/2012/03/02/cybereye-nsa-oversee-domestic-cybersecurity.aspx
One of the debates in cybersecurity right now — one of many — is who should be in charge of overseeing the security of privately owned critical infrastructure. That role now nominally belongs to the Homeland Security Department by virtue of a patchwork of executive order and policy, but with little legislative authority.
Some argue that the job should go to the National Security Agency, which has been in charge of securing government communications and snooping on foreign communications since before there was an Internet. They have the expertise, the argument goes.
Others are wary of inviting a military agency charged with foreign spying into our domestic networks. Without public oversight of NSA operations, that is a valid fear.
It is a difficult issue because of the blurred lines between national security on one hand and privacy and civil liberties on the other. The Defense Department relies heavily on the privately owned infrastructure that makes up the bulk of global communications networks. Deputy Defense Secretary Aston Carter, speaking Feb. 28 at the RSA Conference in San Francisco, said threats to civilian critical infrastructure are seen as a threat to the DOD. “We want to have a role in defending that as well,” he said.
And the NSA already is playing a cooperative role in domestic security. “DHS and NSA are already working together,” Jenny Menna of the DHS National Protection and Programs Directorate said at the conference. “There is a strong working relationship.”
But the thought of allowing the NSA unfettered access to domestic networks and systems is scary. And because of the secrecy in which the NSA operates, “unfettered” is unfortunately the only way access could be allowed.
Meaningful oversight is public oversight — the people themselves have a say, either directly or indirectly, in what an agency does and how it is done. In our political system, the hands-on work is done by Congress, representing the people. But this only is meaningful if the public is informed of what is happening and has an opportunity to respond, both by feedback to representatives and at the ballot box. It is often a messy and inefficient process, but it’s the one we have.
This crucial link is missing in NSA oversight. A handful of chosen senators and representatives are briefed in secret and the information stops there. The public does not know what the NSA is doing or what their representatives are doing about it. Without transparency the oversight has little meaning. Without this oversight, we have no way of knowing what information is being gathered by whom, who has access to it or what is being used for.
We could just trust the government. But if blind trust were an adequate protection, the Founding Fathers would not have built a system of checks and balance into our government. Trust is more meaningful when it is not blind.
Of course, in a real sense this argument is moot. Since we don’t have any assurance what the NSA does, it might already be monitoring domestic networks in the name of national security. But if it is not given this authority in a law, we at least have the assurance that such domestic snooping is illegal.
Recent history has shown that this assurance is not really worth much, but right now it is all we have.
For more reading, try: http://gcn.com/articles/2012/02/28/rsa-5-dod-carter-civilian-infrastructure.aspx
http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1
The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)
http://gcn.com/articles/2012/02/28/rsa-3-cyberwar-distracts-real-threats.aspx
Fuss over cyber war distracts from real threats, security pioneer says