DNI: Improvement needed tracking cyberattacks

Director of National Intelligence Dennis Blair said today intelligence agencies need to improve their abilities to determine the exact origins of cyberattacks. Blair also said he supported using the technical capabilities of the National Security Agency (NSA) in cybersecurity efforts and that a legal framework that would account for the cross-cutting nature of cyberattacks is needed.

Blair told reporters today he thought cybersecurity required sound policy from the White House, the capabilities of departments and agencies, as well as laws that deal appropriately with cyberthreats. He also said the greatest cyberthreat comes from nation states, and intelligence agencies are working to improve their abilities to determine whether a government or nonstate actors are behind an attack.

“Right now we are unable to do that as fast as we ought to be able to,” Blair said. “It takes a lot of work. It takes a lot of manpower — intensive effort to sort that out because of the ability of attack originators to go through [Internet protocols] and [Internet service providers] along the way, and we are working hard to be able to do that more accurately.”

The Obama administration is in the middle of a 60-day comprehensive review of the United States' cybersecurity. The public discussion about that effort so far has centered on the roles of the NSA, an intelligence agency focused on information assurance and signals intelligence, and the Homeland Security Department. DHS is the civilian agency that heads efforts to protect the government’s civilian network and has designated to coordinate between military, civilian and private sector efforts.

Blair said he supported making use of the technological capabilities of the NSA for cybersecurity effort.

“I think the trick is to make use of the technical capabilities of the [NSA] in a way that protects American networks, and the key to that is Americans having confidence that they are being used for those beneficial purposes and they are not being used to gather private information on Americans.”

However, Blair said a comprehensive approach to cybersecurity is needed and there was a need to deal with the legal authorities related to cybersecurity.

“I think that we’ve got to have a powerful team: We’ve got to have good policy from the White House, we’ve got to have capacity in the departments,” Blair said. “Most of all, I think we need to have a legal regime which takes account of the way that the technology of cyberspace has made our previous neat domestic, international, law enforcement and homeland-defense distinctions irrelevant.”