Is No Such Agency now the Network Security Agency?

28 January 2008

Earlier this month, George W. Bush authorized a classified government directive that authorizes the National Security Agency to monitor the data networks of other US government agencies as well as monitoring the communications traffic of American citizens and foreign countries. The specifics can't be released due to the security classification but it is known that the US government is very concerned about its information security posture (no jokes, please) and their first remediation step involves understanding what's going on inside their networks. The Office of the Director of National Intelligence is charged with coordinating efforts to track down the sources of infiltration attempts against government systems, DHS is supposed to implement security measures, and the Pentagon itself is in charge of developing strategy. The impetus for this development is said to be a string of attacks against their systems in the past eighteen months, but if you read their yearly unclassified reports the level of attacks really hasn't changed all that much, but they're actually paying closer attention (which they're supposed to) to what's going on. Supposedly cadres of Chinese crackers are behind the intrusion runs they've been spotting; other rumors claim that it's North Korea, Pakistan, or Iraq, but mostly it's China.

The budget for this effort will go through in 2009, and is expected to reach into the billions of US dollars. The effort itself looks, to this account anyway, like a pretty standard security setup: Keep an eye on the infosec community's work, monitor and analyze OSINT, watch the activity on the DMZ and internal networks, record data to analyze later, perform traffic analysis, keep your patches up to date... the difference is the scale, because this is supposed to cover just about every government agency in the country.