February 10, 2016 at 2:00 PM
The National Security Agency has been having a tough time the last couple of years, as it takes the blame for widespread surveillance. It has just announced a major reorganization plan under which its Signals Intelligence (spying) and Information Assurance (domestic protection) directorates are going to be combined in a new Directorate of Operations. From an internal perspective, this is a more rational way to use resources. Spying and protecting U.S. military networks from spying are closer than you might think. From an external perspective, it is likely to damage the NSA's credibility still further. Here's why.
The NSA has two big responsibilities
As the division between the intelligence and assurance directorates suggests, the NSA has traditionally had two big responsibilities. The first — spying and surveillance — gets the lion's share of public attention (and, it would appear, resources). Yet the second responsibility — protecting U.S. networks from external attack — is also very important. The NSA has played a direct role in securing U.S. networks against outside intrusion and indirectly shapes the security of private U.S. networks too, which rely on cryptographic software that has reflected NSA advice. Originally, the NSA wanted to play a bigger role in setting standards for private sector information security but was apparently relegated to a secondary role, in which it provided technical advice to NIST, National Institute for Standards and Technology, on cryptography standards.
These responsibilities now conflict with each other
As everything has moved to the Internet, the NSA's job has become a lot more complicated. Protecting private U.S. networks and computers from intrusion means creating secure cryptographic standards that make it a lot harder for outsiders to break in. The problem is that other networks in other countries are likely to start using the same standards. This means that the better that the NSA does at securing U.S. computers and networks against foreign intrusion, the harder it is going to be for the NSA to break into foreign computers and networks that use the same standards. If, alternatively, it cheats by promoting weak standards, the security of U.S. networks will be weakened, but it will also be easier for the NSA to break into foreign ones.
One of the biggest (if least well publicized) revelations from the Edward Snowden leaks is that the NSA apparently succumbed to temptation and cheated. It advised NIST to introduce a cryptographic standard that had a secret backdoor, allowing the NSA access, and also appears to have paid a private company millions of dollars towards the same end. This caused big political furor — the NIST told people not to use its own proposed standard, and the NSA lost enormous credibility among professional cryptographers and software companies that use cryptography to secure themselves. Its action was interpreted as a signal that the NSA had decided to prioritize breaking into other people's networks over protecting Americans.
The new reorganization is controversial
Under the proposed reorganization, the spying and network security arms of the NSA are going to be integrated. This has led critics like New America's Ross Schulman to argue that the parts of the NSA that want to increase network security have comprehensively lost out to the parts that want to weaken it, so as better to intrude on foreign networks. Lawfare's Susan Hennessey, who has worked as a lawyer for the NSA, has retorted that cryptographic security is still a top priority for the NSA, and may indeed be getting more important.
Hennessey's argument is that the internal priorities of the NSA favor network security over spying. The problem, however, is that this isn't only an internal question for the NSA. It is also an external problem of damaged credibility. And here, even if Hennessey is completely right, the new reorganization is likely to damage credibility further, rather than helping it.
Why the reorganization damages the NSA's credibility
Bureaucratic politics mean that people's careers and resources depend on advocating the priorities of their own part of the organization, defending it against others with clashing aims and, if possible, increasing their share of resources by taking it away from others. Hence, when the NSA had visibly separate organizational structures, with separate budget lines for offense (attacking other people's systems) and defense (defending one's own systems), it helped reassure outside observers a little that the defense perspective has its internal advocates within the organization, even if those advocates often lost.
In a combined structure, that is no longer the case. Outsiders will find it harder to adjudicate whether the organization is prepared to prioritize defense over offense (at least some of the time). And that has consequences. It may make America's adversaries more likely to invest in cyber techniques, to defend themselves against the perceived increased risk of U.S. incursions, perhaps creating a spiral of decreased security in which states start to arm themselves against each other. It may make it less likely that businesses will trust the NSA with information about vulnerabilities — since they do not know if this information will be used to fix the vulnerabilities or to exploit them. It may further erode the dominance of U.S. security standards (and U.S. firms) in world markets. It will surely make the cryptographic community more skeptical of cooperating with the NSA.
Because the NSA is the kind of organization it is, it has great difficulty in communicating its true intentions and getting others to believe them, even when it wants to. Split organizational structures (which are costly because they go along with budget lines, factional fighting and so on) are one of the very few ways that it can credibly communicate its priorities to outsiders, and reassure them, if it wants to reassure them, that it is interested in protecting networks as well as subverting them. By getting rid of the split, the NSA, whether it likes it or not, is making it harder for others to trust its claims. If one were a cynical game theorist one could go further, and argue that because outsiders are even less likely to trust the NSA than they were, the NSA has less to gain from trust-based cooperation, and hence is more likely to behave in an untrustworthy fashion.
Credible communication is a big problem for organizations that work in the classified space. In his excellent forthcoming book on cybersecurity, Adam Segal goes so far as to argue that the NSA's leader, Adm. Michael S. Rogers, recognized that the Snowden leaks helped U.S. deterrence, by providing credible information to the outside world about U.S. capabilities. For better or worse, the NSA has just lost one means of sending credible signals to the outside world.