NSA Too Focused On Perimeter Defense, Clarke Says - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity

NSA Too Focused On Perimeter Defense, Clarke Says

The Former White House cybersecurity adviser says the NSA's focus on perimeter security made it vulnerable to insider Edward Snowden.

Despite a drumbeat of high-profile data breaches in recent years, the National Security Agency and many other federal agencies continue to focus on outdated perimeter security practices, leaving networks vulnerable to insider threats, former White House cybersecurity adviser Richard Clarke warned at this week's RSA security conference in San Francisco.

"NSA was hacked," Clarke said. Despite having some of the best outward-facing security in the world, Edward Snowden was able to access and steal classified information without setting off alarms, "because NSA had terrible internal security."

The NSA, one of the world's most capable organizations in cyberoffense, is lousy at defense, he said.

Clarke, a security consultant who took part in the presidential review that recommended revamping the NSA's intelligence-gathering operations in the wake of the Snowden breach, made his comments at a Feb. 25 news conference hosted by Bit9 and Carbon Black at the RSA conference.

He also spoke at length on how the NSA's controversial intelligence collection activities have damaged relations with multinational companies that host data around the word, and he raised concerns about the safety of data traveling through US networks.

[How should infrastructure providers combat internal and external threats? Read Feds Launch Cyber Security Guidelines For US Infrastructure Providers.]

Former White House cybersecurity adviser Richard Clarke.(Source: Wikipedia Commons)
Former White House cybersecurity adviser Richard Clarke.
(Source: Wikipedia Commons)

Intrusions are increasing in government systems, with a 42% increase in breaches of personal information reported by agencies in fiscal 2012 over the year before to the Homeland Security Department's US Computer Emergency Response Team.

Intrusions in private-sector systems are also getting plenty of attention. A recent example is the theft of credit card information from millions of customers from Target and other large retailers over the holiday season. Once inside a network, intrusions can go undetected for long periods because of a lack of monitoring of network activity, Clarke said.

Yet security programs continue to focus on the perimeter at the expense of the network. "The money goes to firewalls. The money goes to antivirus. The money goes to intrusion detection and prevention systems, and we know these systems fail all the time."

Clarke, who sits on the board of Bit9, made a pitch for visibility tools offered by the company, and he said legislation is needed to raise the level of cybersecurity in the nation's critical infrastructure, both government and privately owned. "Ultimately, I would like to see regulation," because market forces have failed to protect the national security and economy, but it isn't going to happen under the current Congress.

In the absence of regulation, Clarke called the president's 2013 executive order on infrastructure security and the resulting Cybersecurity Framework a good first step -- but only a step -- toward improved security.

He also called for revamping the NSA's intelligence-gathering programs and for increased transparency in the spy agency's oversight. Too often, it gathers information because it can, rather than because it should. While praising the current agency leadership, he said, "It's not a crazy idea" that the government could abuse information it has gathered, citing FBI abuses in earlier decades.

The NSA's problem is not a lack of controls, Clarke said, but the fact that oversight occurs in secret, which undermines public trust. The NSA is much more closely regulated than most nations' intelligence agencies, with oversight from the judicial, legislative, and executive branches, "but there is no way for the American people to know that."

The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach (free registration required).

William Jackson is writer with the <a href="http://www.techwritersbureau.com" target="_blank">Tech Writers Bureau</A>, with more than 35 years' experience reporting for daily, business and technical publications, including two decades covering information ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
2/26/2014 | 11:00:49 PM
Re: So Much Hot Air So Little Ventilation
I think you're right Tom that determined insiders are hard to beat.  It is worth noting that after the Snowden incident, NSA chief Gen. Keith Alexander instituted a rule that two people had to be present to permit the downloading or transferring of data.  Together with the right internal controls, that would make it harder though not impossible to make off with key data. 
Charlie Babcock
Charlie Babcock,
User Rank: Author
2/26/2014 | 4:55:26 PM
Defense in depth
We must get to defense in depth, internal safeguards as well as perimeter defense, to achieve more secure operatoins. A rules engine should be watching user behavior to spot activity like Snowden's that's out of line.
Thomas Claburn
Thomas Claburn,
User Rank: Author
2/26/2014 | 4:54:00 PM
Re: So Much Hot Air So Little Ventilation
I'd venture to say that the issue goes beyond poor internal security. Simply put, modern communications technology makes it extremely difficult to keep secrets. Even if the NSA was on top of everything, I suspect a determined insider could take data outside the organization. It's just too difficult to simultaneously have data be readable and protected.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Author
2/26/2014 | 4:50:08 PM
Revamping NSA intellegience-gathering
I'd like to hear more details on what Clarke actually thinks the NSA should change in order to provide more transparency into spy agency activities. Did he offer any specfics? 
User Rank: Ninja
2/26/2014 | 3:07:00 PM
So Much Hot Air So Little Ventilation
So Richard Clarke believes the NSA's biggest problem comes from insider threats who then rightfully divulge governmental abuse of power? Clearly, he still lives in the same, elite ivory tower he always has when he was receiving a paycheck from the agency.
CIOs Face Decisions on Remote Work for Post-Pandemic Future
Joao-Pierre S. Ruth, Senior Writer,  2/19/2021
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
CRM Trends 2021: How the Pandemic Altered Customer Behavior Forever
Jessica Davis, Senior Editor, Enterprise Apps,  2/18/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll