The U.S. Intelligence Community’s Emphasis on Offensive Capabilities is Dangerous, Idiotic and Authoritarian

by

Earlier today, Edward Snowden posted the following tweet calling attention to a very important article published at Reuters.

The article highlights the fact that U.S. intelligence agencies spend 90% of their budgets on offensive capabilities as opposed to defense. The disastrous results of such an emphasis should be obvious to everyone, all you have to do is look at what this attitude has done to U.S. foreign policy, as well as domestic police departments. When you focus all your spending and energy on developing new weapons, the urge is to find an excuse to use them. Disastrous consequences typically follow (unnecessary SWAT raids and the wholesale destruction of countries).

When it comes to intelligence agencies, the focus on offense results in two horrible outcomes. Less cybersecurity for everyone and an ability for the government to spy on, and hence blackmail, the whole world.

Reuters reports:

When WikiLeaks founder Julian Assange disclosed earlier this month that his anti-secrecy group had obtained CIA tools for hacking into technology products made by U.S. companies, security engineers at Cisco Systems swung into action.

That a major U.S. company had to rely on WikiLeaks to learn about security problems well-known to U.S. intelligence agencies underscores concerns expressed by dozens of current and former U.S. intelligence and security officials about the government’s approach to cybersecurity.

That policy overwhelmingly emphasizes offensive cyber-security capabilities over defensive measures, these people told Reuters, even as an increasing number of U.S. organizations have been hit by hacks attributed to foreign governments.

We know why they’re doing this. None of it relates to protecting Americans, it’s all about spying on everybody.

Larry Pfeiffer, a former senior director of the White House Situation Room in the Obama administration, said now that others were catching up to the United States in their cyber capabilities, “maybe it is time to take a pause and fully consider the ramifications of what we’re doing.”

Across the federal government, about 90 percent of all spending on cyber programs is dedicated to offensive efforts, including penetrating the computer systems of adversaries, listening to communications and developing the means to disable or degrade infrastructure, senior intelligence officials told Reuters.

But the secret part of the U.S. intelligence budget alone totaled about $50 billion annually as of 2013, documents leaked by NSA contractor Edward Snowden show. Just 8 percent of that figure went toward “enhanced cyber security,” while 72 percent was dedicated to collecting strategic intelligence and fighting violent extremism. 

Departing NSA Deputy Director Rick Ledgett confirmed in an interview that 90 percent of government cyber spending was on offensive efforts and agreed it was lopsided.

Former military and intelligence leaders such as ex-NSA Director Keith Alexander and former Secretary of Defense Ashton Carter say that U.S. companies and other institutions cannot be solely responsible for defending themselves against the likes of Russia, China, North Korea and Iran.

For tech companies, the government’s approach is frustrating, executives and engineers say.

Sophisticated hacking campaigns typically rely on flaws in computer products. When the NSA or CIA find such flaws, under current policies they often choose to keep them for offensive attacks, rather than tell the companies.

The government intentionally allows tech companies to remain vulnerable so they then need the U.S. government’s protection. Totally perverse.

In the case of Cisco, the company said the CIA did not inform the company after the agency learned late last year that information about the hacking tools had been leaked.

“Cisco remains steadfast in the position that we should be notified of all vulnerabilities if they are found, so we can fix them and notify customers,” said company spokeswoman Yvonne Malmgren.

Naturally, things are headed in the wrong direction…

A recent reorganization at the NSA, known as NSA21, eliminated the branch that was explicitly responsible for defense, the Information Assurance Directorate (IAD), the largest cyber-defense workforce in the government. Its mission has now been combined with the dominant force in the agency, signals intelligence, in a broad operations division.

Top NSA officials, including director Mike Rogers, argue that it is better to have offensive and defensive specialists working side by side. Other NSA and White House veterans contend that perfect defense is impossible and therefore more resources should be poured into penetrating enemy networks – both to head off attacks and to determine their origin.

Curtis Dukes, the last head of IAD, said in an interview after retiring last month that he feared defense would get even less attention in a structure where it does not have a leader with a direct line to the NSA director.

“It’s incumbent on the NSA to say, ‘This is an important mission’,” Dukes said. “That has not occurred.”

What a joke.

If you enjoyed this post, and want to contribute to genuine, independent media, consider visiting our Support Page.

In Liberty,
Michael Krieger

Like this post?
Donate bitcoins: 35DBUbbAQHTqbDaAc5mAaN6BqwA2AxuE7G


Follow me on Twitter.

Leave a Reply