The NSA is massively reorganizing itself. That’s going to hurt its credibility

Publication Type: 
Other Writing
Publication Date: 
February 10, 2016

The National Security Agency has been having a tough time the last couple of years, as it takes the blame for widespread surveillance. It has just announced a major reorganization plan under which its Signals Intelligence (spying) and Information Assurance (domestic protection) directorates are going to be combined in a new Directorate of Operations. From an internal perspective, this is a more rational way to use resources. Spying and protecting U.S. military networks from spying are closer than you might think. From an external perspective, it is likely to damage the NSA’s credibility still further. Here’s why.

The NSA has two big responsibilities

As the division between the intelligence and assurance directorates suggests, the NSA has traditionally had two big responsibilities. The first — spying and surveillance — gets the lion’s share of public attention (and, it would appear, resources). Yet the second responsibility — protecting U.S. networks from external attack — is also very important. The NSA has played a direct role in securing U.S. networks against outside intrusion and indirectly shapes the security of private U.S. networks too, which rely on cryptographic software that has reflected NSA advice. Originally, the NSA wanted to play a bigger role in setting standards for private sector information security but was apparently relegated to a secondary role, in which it provided technical advice to NIST, National Institute for Standards and Technology, on cryptography standards.

These responsibilities now conflict with each other

As everything has moved to the Internet, the NSA’s job has become a lot more complicated. Protecting private U.S. networks and computers from intrusion means creating secure cryptographic standards that make it a lot harder for outsiders to break in. The problem is that other networks in other countries are likely to start using the same standards. This means that the better that the NSA does at securing U.S. computers and networks against foreign intrusion, the harder it is going to be for the NSA to break into foreign computers and networks that use the same standards. If, alternatively, it cheats by promoting weak standards, the security of U.S. networks will be weakened, but it will also be easier for the NSA to break into foreign ones.

Read the full piece at The Washington Post