NSA Using The Cloud To Thwart The Next Snowden

Uploaded on 2016-03-23 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Inside NSA Headquarters, Fort Meade, Maryland

In a post-Snowden world, is it really a good idea to have analysts swimming around in one vast ocean of NSA secrets and data?

Snowden’s stream of leaked NSA secrets about classified surveillance programs shined the public spotlight on the clandestine government organization. Though the stream has now dissipated to a trickle, the impact to the intelligence community continues.

To privacy activists, Snowden’s leaks were a godsend. They forced a national discussion on government surveillance and even coaxing the likes of Director of National Intelligence James Clapper to admit the intelligence community needs to be more transparent.

Yet, the leaks have “had a material impact” on NSA’s ability to generate intelligence around the world, NSA Director Michael Rogers said back in February 2015.

Within NSA’s Fort Meade, Maryland, headquarters, no one wants to face another Snowden. With NSA’s widespread adoption of cloud computing, the spy agency may not have to.

Could the Cloud Have Stopped Snowden?

NSA bet big on cloud computing as the solution to its data problem several years ago.

Following expanded legal authorities enacted after the Sept. 11, 2001, terrorist attacks, NSA and the other 16 agencies within the intelligence community began to collect a gargantuan amount of intelligence data: Internet traffic and emails that traverse fiber optic cables; telephone call metadata; and satellite reconnaissance.
Much of that intelligence piled up in various repositories that had to stock up on servers to keep up with demand.  

NSA’s GovCloud—open-source software stacked on commodity hardware—creates a scalable environment for all NSA data. Soon, most everything NSA collects will end up in this ocean of information.

At first blush, that approach seems counterintuitive. In a post-Snowden world, is it really a good idea to put everything in one place—to have analysts swimming around in an ocean of NSA secrets and data?

It is, if that ocean actually controls what information analysts in the NSA GovCloud can access. That’s analogous to how NSA handles security in its cloud.

NSA built the architecture of its cloud environment from scratch, allowing security to be baked in and automated rather than bolted on and carried out by manual processes. Any piece of data ingested by NSA systems over the last two years has been meta-tagged with bits of information, including where it came from and who is authorized to see it in preparation for the agency’s cloud transition.

Data in the GovCloud doesn’t show up to analysts if they aren’t authorized, trained or cleared to see it, according to NSA Chief Information Officer Lonny Anderson.

“While putting data to the cloud environment potentially gives insiders the opportunity to steal more, by focusing on securing data down at cell level and tagging all the data and the individual, we can actually see what data an individual accesses, what they do with it, and we can see that in real time,” Anderson told Nextgov. “So we think this actually dramatically enhances our capability.”

NSA cloud strategist Dave Hurry further clarified NSA’s approach to securing data within GovCloud.
“We don’t let people just see everything; they’re only seeing the data they are authorized to see,” Hurry told Nextgov.

What about adventurous, negligent or potentially nefarious insiders? How exactly Snowden ferreted out NSA’s secrets for months across numerous databases and evaded detection remains uncertain. But what is clear is that his actions should have thrown up some Utah Data Center-sized red flags. They didn’t.

GovCloud’s other baked-in security features are likely to deter all but the boldest of would-be rogue insiders. In the past, Anderson said, disparate data repositories contained log files to track user behavior, but those logs “had to be manually reviewed.”

That’s not a good recipe to catch malicious behavior. GovCloud automates those monitoring processes and flags network security personnel, Anderson said, when a user attempts to “exceed limits of authority.”

“The [GovCloud] system could prevent it,” Anderson said. “But what it would have immediately done is highlighted and told our network security heads that someone is pulling a lot of data.” That information would “allow us to visit the individual,” or “we could shut it down at the point we saw it,” Anderson said. “It would have prevented what Mr. Snowden did,” Anderson added.

More Than Just Security

More than simply Snowden-proofing its data, GovCloud’s other features make it even more attractive to analysts and top agency officials charged with protecting national security interests. GovCloud’s architecture has a “fact-of” function that alerts analysts that additional data on a query may be available but inaccessible based on the analyst’s access controls.

NSA’s cloud migration will also significantly beef up the agency’s ability to comply with a plethora of legal rules, mandates and executive order. Just as security is automated in NSA’s cloud, so too are compliance measures such as data preservation orders or data retention rules.

Old repositories operating on legacy architecture predate many more recent laws and policy changes. The USA Patriot Act of 2001, for example, was authored into law after some of NSA’s existing legacy repositories were built, so NSA’s only option to adhere to evolving policies was to “bolt on compliance,” Anderson said.

As NSA further transitions to using cloud, analysts will make better use of their time, making queries against one database instead of repeated ones against dozens of relational databases. NSA’s centralized cloud will also alleviate uncertainty regularly faced by analysts when they query databases.

After running a query, analysts sometimes wonder whether they are actually authorized to view certain data. That kind of doubt influences what and how analysts generate intelligence reports. With the GovCloud, on the other hand, analysts will have near certainty that they’re only seeing information they are supposed to see.

Moving More than Data to the Cloud

NSA has been slowly migrating users to its new cloud architecture to ease the transition, but the pace has begun to pick up speed. Three weeks ago, Anderson said NSA transitioned users off three of the biggest legacy repositories into its cloud environment. Those users include NSA personnel, Defense Department and other intelligence community personnel.

The move has not come without obstacles. The cloud organizes data differently than old repositories, and some analyst methods do not translate to NSA’s cloud model. However, the agency is training analysts on new methodologies.

Closing down repositories filled with untold racks of servers the way NSA did three weeks ago will also save the agency money in operations and maintenance. Some of those systems are decades old. Servers housed in closed repositories will be destroyed and their data deleted, Anderson said.

In the coming years, closed repositories will come to signal the success of NSA’s bet on cloud computing. Will it prevent the next Edward Snowden-like attack? NSA officials are counting on it, but they’re counting on the cloud for a lot more than that.

DefenseOne: 

« Why Executives Need to Prioritise Cybersecurity
A Cashless Society Can’t Fix Our Money Worries »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ECSC Group

ECSC Group

ECSC is a full-service information security provider, specialising in 24/7/365 security breach detection and Artificial Intelligence (AI).

Security Innovation

Security Innovation

Security Innovation is a leader in software security assessments and application security training to top organizations worldwide.

CyberSource

CyberSource

CyberSource provides online payment and fraud management services for medium and large-sized merchants.

CERT-IS

CERT-IS

CERT-IS is the national Computer Emergency Response Team for Iceland.

Positive Technologies

Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection.

Lynxspring

Lynxspring

Lynxspring provides edge-to-enterprise solutions and IoT technology for intelligent buildings, energy management, equipment control and specialty machine-to-machine applications.

BooleBox

BooleBox

Boolebox is the innovative suite of enterprise data protection applications that preserve the integrity and confidentiality of data from any unauthorized access.

Magtech Solutions

Magtech Solutions

Magtech Solutions is a one-stop IT Solutions provider offering Cloud Computing, IT Security, Unified Email Solutions and ERP systems.

SOCOTEC Certification International

SOCOTEC Certification International

SOCOTEC Certification International has been providing management systems assessment and accredited ISO certification services to organisations around the world since 1995.

CyberSwarm

CyberSwarm

CyberSwarm is developing a neuromorphic System-on-a-Chip dedicated to cybersecurity which helps organizations secure communication between connected devices and protect critical business assets.

Hunton Andrews Kurth

Hunton Andrews Kurth

Hunton Andrews Kurth LLP serves clients across a broad range of complex transactional, litigation and regulatory matters. Practice areas include Privacy and Cybersecurity.

Samurai Digital Consulting

Samurai Digital Consulting

Samurai Digital Security are a cyber and Information security services provider, specialising in penetration testing, incident response, user awareness and information governance solutions.

MS Tech Solutions

MS Tech Solutions

MS Tech Solutions is a Jamaican-based, multinational consulting company that specializes in the architecture, implementation and management of key network and Information technologies.

Tracer

Tracer

Tracer (formerly Appdetex) is a next-generation brand protection solution. It constantly finds, analyzes, and stops brand abuse across Web2 and Web3 digital channels.

CODA Intelligence

CODA Intelligence

CODA's AI-powered attack surface management platform helps you sort out the important remediations needed in order to avoid exploits on your systems.

SignPath

SignPath

SignPath provides leading-edge software and SaaS services that ensure code integrity from development to distribution.