Can the NSA Defend America Against Cyber Attacks?

Thursday, July 21, 2011



The National Security Agency, in conjunction with other federal departments, is in a race to secure information systems that include everything from networks that control critical infrastructure such as communications and energy production to databases that house sensitive data that may impact national security.

The rapid adoption of information technology systems has far outpaced the ability of federal agencies and the private sector to ensure adequate security measures are in place, making cybersecurity an inter-departmental priority.

“In an era when our nation and its allies are increasingly dependent on the integrity of information and systems supported, transmitted, or stored in cyberspace, it is essential that that space is as resilient and secure as possible,” said NSA Deputy Director John C. Inglis.

The NSA announced in January that it had begun building a national cybersecurity intelligence center at the Camp Williams military grounds in Riverton, Utah, and that the U.S. Army Corps of Engineers had begun construction on the one-million-square-foot facility, according to an NSA press release.

The center will employ as many as two hundred people when complete. It will be administered by the NSA but will include multiple federal departments, including the Department of Homeland Security.

The facility will be a state-of-the-art center for national cybersecurity intelligence and defense operations, and is currently the largest defense construction project in the nation.

The agency has also implemented a program called the Information Security Training and Rating Program (ISATRP), which is geared towards providing additional training for information security professionals in the private sector.

According to the mission statement on the ISATRP website:

"The Information Security Training and Rating Program (ISATRP) sets the standards for Information Security Assurance services through the information security assurance methodologies (Information Security Assessment Methodology, Information Security Red Team Methodology), trains and certifies individuals in the methodologies, and rates Information Security Assurance organizations through the use of a standard metric Information Security Assurance - Capability Maturity Model (ISA-CMM). The ISATRP then provides this information to consumers so they are better informed when negotiating with Information Security Assurance Providers. An ISATRP Frequently Asked Questions (FAQ) is available here."

On the consumer front, last April the NSA published the Best Practices for Keeping Your Home Network Secure. This document provides home users directions for keeping their systems secure and protected.

Home users face many security troubles, and trying to apply all the required security measures is complicated by the fast pace of changes in technology and by new vulnerabilities that may leave them open to new attacks.

The guidelines state:

“The cyber threat is no longer limited to your office network and work persona. Adversaries realize that targets are typically more vulnerable when operating from their home network since there are fewer rigors associated with the protection, monitoring, and maintenance of most home networks.”

The question remains as to whether these efforts will be effective in the face of a dramatic uptick in cyber attacks and espionage efforts initiated by state-sponsored and freelance hackers.

In early July two government research labs and a defense contractor were the targets of attacks against their information systems. The unauthorized access events occurred at the Pacific Northwest National Laboratory (PNNL), the Battelle Corp - a government contractor that manages PNNL - and the Thomas Jefferson National Laboratory.

The incidents are the latest in a string of attacks targeting government facilities and defense contractors.

Early last month defense contractor Lockheed disabled its employees' remote access privileges while the company reissued new SecurID tokens to all telecommuting workers after detecting unauthorized access attempts.

Defense contractor Northrop Grumman also reportedly disabled remote access to company networks, and L-3 Communications reported that the company had suffered a network breach stemming from cloned RSA SecurID tokens.

Also last month, the public-facing website at the Y-12 Nuclear Weapons Plant located at the Oak Ridge National Laboratory (ORNL) was temporarily disabled following reports of a cyber attack on Sunday. The Y-12 facility stores the majority of the nation's bomb-grade uranium and produces replacement hardware to maintain aging nuclear weapons stores. ORNL systems were also attacked in April.

And just this week researchers from security provider F-Secure discovered a sample of a malicious PDF that may be used in a targeted attack against defense contractor employees.

The attack exploits a vulnerability in JavaScript that allows malicious code to be embedded in the file, which then infects the victim's computer and can create a backdoor that hackers can use to access systems and glean sensitive information.

Any way you slice it, the NSA and other federal agencies are fighting an uphill battle.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
