Article by Tristan Jones
Last week in Las Vegas, the hacker convention DefCon 20 had a bit of a high profile speaker.
The aforementioned speaker was none other than General Keith Alexander, of the National Security agency (read: in charge of US cyber command). A top ranking government official has never been seen giving a keynote speech at a hacker convention before.
The message that General Alexander had was for hackers to help out the US government - that private sector Information security, hackers, exploit developers, etc. had to share information and tools in order to help protect the United States from the looming threat of a cyberattack from foreign governments.
I am all for sharing any non-sensitive information, along with open source tools (seriously, who doesn't like free?). But, my main thoughts initially were about the General's/NSA's motive for trying to appeal to people that work in the private industry to basically, come to their side.
It had me wondering, what is their deal? Are they trying to build profiles on potential domestic hackers? Are they unable to develop/hire the tools/people they need in order to effectively do their job?
It is widely known that the government is having trouble hiring the people they need in order to be effective. In regards to creating their own tools, the NSA is in a bit of hot water with the US Senate.
There is a current mandate in place (OMB Circular A-130) that requires the use of "off the shelf" software from commercial sources "unless the cost effectiveness of developing custom software is clear and has been documented through pilot projects or prototypes".
The current debate on the NSA creating Acculumo is that it violates that mandate. Such mandates and stoppages can definitely impede the progress that the NSA wants to make, and I can see why the agency is reaching out for some help.
I've always had a bit of a suspicious nature however, time and age have taught me to always consider both sides of the coin.
I suppose some can see it as a false sense, or better yet, a facade of transparency between government agencies and the general public. Given the lack of transparency in the past 15 years, I feel justified in thinking so.
Another point that I discussed with @billford, hackers in general have trust issues with any federal agency. In some cases, this distrust is justified. For example, former NSA official William Binney was featured in an article on Wired:
“'The reason I left the NSA was because they started spying on everybody in the country. That’s the reason I left,' said Binney, who resigned from the agency in late 2001."
Binney was contradicting statements made on Friday by Alexander, who told the crowd of hackers and security professionals that his agency “absolutely” does not maintain files on Americans.
“'And anybody who would tell you that we’re keeping files or dossiers on the American people,' Alexander continued, 'knows that’s not true.'"
On the other side, one can see why a US Government agency (entrusted with protecting most likely, VERY sensitive information) is seeking help from the private sector. The private sector of business (in many other fields than Information Security) have always pioneered new methods, technologies, etc.
A question that comes to mind is "Why reinvent the wheel?", essentially saying, why would federal agencies develop everything on their own when they have a rich resource of knowledge and tools in order to do their jobs.
Is the NSA being nefarious and wanting to spy on hackers? Or are they legitimately seeking help for a problem that has been growing and will only continue to grow in the future? Time will certainly tell in this case.