Bejtlich in April Wired Magazine

The April issue of Wired Magazine features an article by Noah Shachtman titled Security Watch: Beware the NSA’s Geek-Spy Complex. Noah writes:

Early this year, the big brains at Google admitted that they had been outsmarted. Along with 33 other companies, the search giant had been the victim of a major hack — an infiltration of international computer networks that even Google couldn’t do a thing about. So the company has reportedly turned to the only place on Earth with a deeper team of geeks than the Googleplex: the National Security Agency...

Technically, rendering this aid isn’t the NSA’s job, says Richard Bejtlich, a former Air Force cybersecurity officer now with General Electric. “But when you’re in trouble, you go to the guys who actually have a clue.”

I appreciate the mention Noah! The focus of his article is as follows:

[Within NSA, o]ne team wants to exploit software holes; the other wants to repair them. This has created a conflict — especially when it comes to working with outsiders in need of the NSA’s assistance. Fortunately, there’s a relatively simple solution: We should break up the NSA.

I told Noah I didn't think that would work. I outlined one reason in my post Offense and Defense Inform Each Other. Each side in the battle is stronger because of the other.

However, I agree that many people don't trust NSA. I do, but I know people there, and I was an Air Force intel officer who served at the former Air Intelligence Agency (which was the Air Force Service Cryptologic Element to NSA). The NSA is trying to fight external threats, not listen to you crunch corn flakes while eating breakfast.

I don't see anything short of a massive cyber disaster resulting in actions to change NSA. It's probably more realistic to see calls for greater Congressional oversight to safeguard privacy.


Anonymous said…
Richard.. You have been out too long.
gih said…
He's just been very busy, I think...
Anonymous said…
I don't think that some degree of separation between the NSA's offensive and defensive capabilities would necessarily impair the effectiveness of either. It's effectively the model we have in the UK between GCHQ (offensive) and CESG (defensive).

Popular posts from this blog

MITRE ATT&CK Tactics Are Not Tactics

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4