The NSA is undergoing a major reorganization, combining its attack and defense sides into a single organization:
In place of the Signals Intelligence and Information Assurance directorates, the organizations that historically have spied on foreign targets and defended classified networks against spying, respectively, the NSA is creating a Directorate of Operations that combines the operational elements of each.
It’s going to be difficult, since their missions and culture are so different.
The Information Assurance Directorate (IAD) seeks to build relationships with private-sector companies and help find vulnerabilities in software, most of which officials say wind up being disclosed. It issues software guidance and tests the security of systems to help strengthen their defenses.
But the other side of the NSA house, which looks for vulnerabilities that can be exploited to hack a foreign network, is much more secretive.
“You have this kind of clash between the closed environment of the sigint mission and the need of the information-assurance team to be out there in the public and be seen as part of the solution,” said a second former official. “I think that’s going to be a hard trick to pull off.”
I think this will make it even harder to trust the NSA. In my book Data and Goliath, I recommended separating the attack and defense missions of the NSA even further, breaking up the agency. (I also wrote about that idea here.)
And missing in their reorg is how US CyberCommand’s offensive and defensive capabilities relate to the NSA’s. That seems pretty important, too.
February 5, 2016 at 09:15PM
via Schneier on Security http://ift.tt/1nSCgyo