NSA Chief Asks Techies for Help, Not Backbench Criticism

Army General Keith Alexander, head of the National Security Agency, delivers a keynote address at the Black Hat hacker conference. // Isaac Brekken/AP

LAS VEGAS -- Gen. Keith Alexander, director of the National Security Agency, tried to repair relations with the tech sector during a keynote speech at the Black Hat cybersecurity conference here on Wednesday after damaging revelations about two broad digital surveillance programs.

Alexander said the programs revealed by leaker Edward Snowden receive intense oversight from Congress and the judiciary and are “100 percent auditable.” He urged critics in the tech community to work with the government to improve the programs rather than criticize them from the sidelines.

“The assumption is people are just out there wheeling and dealing and nothing could be further from the truth,” Alexander said. “We have tremendous oversight.”

Skeptical audience members heckled Alexander several times during the speech, accusing him of lying to Congress about the surveillance programs, saying they didn’t trust him and urging him to “read the constitution.” He also received a few rounds of applause when he described NSA surveillance information helping to foil terrorist plots.

Alexander said the programs were approved by Congress and the judiciary and that audits had never shown NSA staffers overstepping legal boundaries. He also said it would be counterproductive for the NSA to collect information too broadly.

“You can’t afford and don’t want to collect everything,” he said. “It makes analysis harder.”

The Black Hat conference focuses on digital security techniques, mostly in the private sector.

Black Hat General Manager Trey Ford asked Alexander whether NSA’s surveillance programs would make it more difficult for U.S. tech companies to sell products abroad because of concerns they’d turn over customer data to the U.S. government. Alexander didn’t answer directly but noted that other governments also compel businesses to hand over data for intelligence and law enforcement purposes.

The two known NSA programs include more rigorous oversight than many of those national programs, he said.

“I’ve heard some people say the [Foreign Intelligence Surveillance] court is a rubber stamp,” Alexander said. “I’m on the other end of the table with those federal judges and anybody who’s been up against a federal judge knows these are people with tremendous legal experience that don’t take -- I’m trying to think of a word here -- from even a four star general.”

Alexander agreed to keynote the Black Hat presentation before Snowden’s revelations. The NSA director spoke at a long-running Las Vegas hackers conference called DEFCON in 2012, where NSA has recruited in the past. This year, DEFCON organizers have asked federal employees to steer clear of the conference.

Alexander showed a slide during his presentation that he said represented all information NSA analysts can see under the agency’s telephone metadata program, which is approved for use against some U.S. citizens. The slide, which looked like a standard spreadsheet, only showed the time and date of a call, the calling and receiving numbers, the duration of the call and the source of the metadata.

Fewer than 300 numbers were approved to be queried in 2012, he said. He said information collected from the metadata program and from a separate program focused on collecting foreign Internet communications has been responsible for 54 foiled terrorist plots.

“You’re the greatest gathering of technical talent anywhere in the world,” he said. “The whole reason I came here was to ask you to help us make it better. If you disagree with what we’re doing then you should help us twice as much.”
