This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.nytimes.com/2013/07/19/us/military-to-deploy-units-devoted-to-cyber-operations.html

The article has changed 7 times. There is an RSS feed of changes available.

Version 1 Version 2
In Closely Held Project, Military to Deploy Units Trained in Cyberwarfare N.S.A. Imposes Rules To Protect Secret Data Stored on Its Networks
(about 2 hours later)
ASPEN, Colo. The Defense Department’s second-ranking official said on Thursday that the military is about to deploy roughly 4,000 people in the Pentagon’s first units devoted to conducting cyberoffense and -defense operations, a new mission that formalizes America’s use of a class of weapons that the Obama administration has rarely discussed in public. The National Security Agency has imposed new rules designed to sharply restrict the sharing and downloading of top-secret material from its computer networks after an review of how Edward J. Snowden, a former agency contractor, managed to expose several of the country’s most sensitive surveillance programs, two of the Pentagon’s most senior officials said Thursday.
“I wanted to start this fast,” the official, Ashton B. Carter, the deputy secretary of defense, said at the opening of the Aspen Security Forum, an annual meeting on domestic security. Even at a time of budget cutbacks, he said, “We’re spending everything we think we can spend wisely” on developing the skills to conduct and defend against cyberattacks from abroad. First among the new procedures is a “two-man rule” based on the model of how nuclear weapons are handled that requires two computer systems administrators to work simultaneously when they are inside systems that contain highly classified material.
The New York Times is a media sponsor of the forum. “This makes our job more difficult,” Gen. Keith B. Alexander, the head of the N.S.A. and the commander of the military’s Cyber Command, told the Aspen Security Forum, an annual meeting on security issues. He described future plans to keep the most sensitive data in a highly encrypted form, sharply limiting the number of system administrators like Mr. Snowden who can move data throughout the nation’s intelligence agencies and the Defense Department.
In a wide-ranging interview, Mr. Carter also said that after examining how Edward J. Snowden, a former contractor for the National Security Agency, downloaded top-secret material about American surveillance programs, the Defense Department had already ordered new protections against what he called “the insider threat.” Hours before General Alexander described the new defenses, Ashton B. Carter, the deputy secretary of defense, said the conditions that allowed Mr. Snowden to download and remove data without detection amounted to “a failure to defend our own networks.”
First among the new procedures is a “two-man rule,” based on the model of how nuclear weapons are handled, which requires two computer systems administrators to be working simultaneously when they are inside systems that contain highly classified material. No individual, he said, would be able to download the material without the other one signing off, much as two technicians must sign off on work on warheads. “It was not an outsider hacking in, but an insider,” he said.
“This was a failure to defend our own networks,” Mr. Carter said of the Snowden case. “It was not an outsider hacking in, but an insider.” The lesson, he said, was that even systems administrators, who have wide-ranging access, must not be able to operate “all by themselves.” General Alexander spoke in defense of the N.S.A.’s surveillance programs, including its collection of a vast database of information about all phone calls made and received in the United States. “You need a haystack to find a needle,” he said, even while acknowledging that he was open to the idea that the nation’s telecommunications companies, rather than the government, should retain control of the data.
Mr. Carter, a physicist and former Harvard professor who has worked at the Pentagon since the beginning of the Obama administration, blamed the problem largely on decisions made after the investigations into the intelligence failures surrounding the Sept. 11, 2001, terrorist attacks. Those attacks were blamed in large part on the reluctance of intelligence agencies and the Federal Bureau of Investigation to share information. Now, he said, the sharing had gone too far, because the United States puts “enormous amounts of information” in one place, a practice that may be accelerated as agencies put more data into cloud systems. But at the security forum, of which The New York Times is a media sponsor, General Alexander also revealed for the first time that President Obama, shortly after taking office, had been surprised by the number of errors the agency made, which resulted in what General Alexander called the inadvertent collection of information about American citizens.
That enabled Mr. Snowden, working largely from an N.S.A. outpost in Hawaii, to download everything from details of the Prism surveillance system to the text of a secret order from the Foreign Intelligence Surveillance Court, whose rulings are supposed to remain classified. “When the president first came on board, we had a huge set of mistakes that we were working through in 2009,” he told the audience. “He said essentially, ‘I can see the value of these, but how do we ensure that we get these within compliance and that everything is exactly right?’ ” That suggested that Mr. Obama had questioned the execution of a program he had inherited from President George W. Bush, but satisfied himself by having the N.S.A. set up what the general called a “directorate of compliance,” an internal watchdog group.
The question of whether intelligence-sharing had gone too far away from traditional compartmentalization was debated in 2010 after the revelations by WikiLeaks, based on huge databases that were downloaded by Pfc. Bradley Manning. At the time, the Defense Department promised changes, including putting in alarm systems that would be activated when large amounts of data were downloaded by an individual. Both Mr. Carter and General Alexander said that the military has begun to deploy roughly 4,000 people in the Pentagon’s first units devoted to conducting cyber offense and defense operations, a new mission that formalizes America’s use of a class of weapons that the Obama administration has rarely discussed in public.
Mr. Carter strongly suggested that those changes, which also included Pentagon videos and 250,000 State Department cables, were insufficient. But his call for change is bound to raise questions about whether the government is restoring a system that, ultimately, was blamed for many of the failures to “connect the dots” before the Sept. 11 attacks, when the F.B.I. and the intelligence agencies were barely sharing critical information. “I wanted to start this fast,” Mr. Carter said. “Fundamentally, we’re spending everything we can think about spending intelligently for, notwithstanding our budget hassles, because this is an area that we are protecting even as other military capabilities will be cut.”
The description of the Pentagon’s new cyberteams which will be under the command of Gen. Keith B. Alexander of the Army, who directs the N.S.A. as well as the United States Cyber Command was the most detailed yet of one of the military’s most closely held projects. The description of the Pentagon’s new cyberteams, which will be under General Alexander’s command, was the most detailed yet of one of the military’s most closely held projects.
The administration recently conceded that it was developing cyberweapons. The best-known example is the covert effort called “Olympic Games,” which the Bush administration used against Iran’s nuclear program. The Obama administration accelerated the program, but suffered a major setback when a computer worm, later named Stuxnet, escaped from the Natanz nuclear enrichment plant in Iran and replicated itself on the Web, where the Iranians and others could download the code that was developed by the N.S.A. and its Israeli counterpart, Unit 8200.The administration recently conceded that it was developing cyberweapons. The best-known example is the covert effort called “Olympic Games,” which the Bush administration used against Iran’s nuclear program. The Obama administration accelerated the program, but suffered a major setback when a computer worm, later named Stuxnet, escaped from the Natanz nuclear enrichment plant in Iran and replicated itself on the Web, where the Iranians and others could download the code that was developed by the N.S.A. and its Israeli counterpart, Unit 8200.
Future operations run by Cyber Command, Mr. Carter suggested, would be focused on the teams. “The teams are new, and they are in addition to the N.S.A. work force,” he said. While they may ultimately be modeled on Special Operations, which provide fighting expertise to supplement traditional forces, for now the cyberforce will be drawn from members of the military services. Future operations run by Cyber Command, Mr. Carter suggested, would be focused on the teams. “The teams are new, and they are in addition to the N.S.A. work force,” he said. While they may ultimately be modeled on Special Operations, which provide fighting expertise to supplement traditional forces, for now the cyberforce will be drawn from members of the armed services.
The cyberforces are inexpensive, Mr. Carter argued. But their very existence, which General Alexander alluded to in Congressional testimony this year, is bound to be cited by other nations that are justifying the creation of their own cyberunits. The People’s Liberation Army in China has a major effort under way; its Unit 61398 has been accused of stealing corporate secrets and intellectual property from American companies, as well as planning for potential attacks on American infrastructure. Iran has created its own cybercorps, which has been blamed for attacks on Saudi Aramco, a major oil producer, and American banks.The cyberforces are inexpensive, Mr. Carter argued. But their very existence, which General Alexander alluded to in Congressional testimony this year, is bound to be cited by other nations that are justifying the creation of their own cyberunits. The People’s Liberation Army in China has a major effort under way; its Unit 61398 has been accused of stealing corporate secrets and intellectual property from American companies, as well as planning for potential attacks on American infrastructure. Iran has created its own cybercorps, which has been blamed for attacks on Saudi Aramco, a major oil producer, and American banks.
Twenty-seven of the 40 new teams will focus on cyberdefenses, General Alexander has said. Thirteen will be directed toward the creation of new cyberweapons. Included among the documents that Mr. Snowden made public was a presidential directive, signed by Mr. Obama last fall, providing guidelines for conducting both defensive and offensive operations. It reserves to the president the decision about whether to conduct cyberattacks. Mr. Carter, a physicist and former Harvard professor who has worked at the Pentagon since the beginning of the Obama administration, blamed the leak of highly classified data partly on decisions made after the investigations into the intelligence failures surrounding the Sept. 11, 2001, terrorist attacks.
“There was an enormous amount of information concentrated in one place,” Mr. Carter said. But General Alexander defended the information-sharing as necessary.
But as the differences between the two men’s description suggest, the pressure to recompartmentalize information is bound to raise questions about whether the government is restoring a system that, ultimately, was blamed for many of the failures to “connect the dots” before the 2001 attacks.