NSA Chief Says Recent Hacks Expose Limits of U.S. Cyber Protections
By James Rundle
Recent hacks that affected thousands of companies should prompt
the U.S. to rethink how it responds to cyberattacks, the head of
the country's top digital spy agency said Thursday before a Senate
The U.S. has attributed attacks on SolarWinds Corp. discovered
late last year to Russia, and Microsoft Corp. blamed Chinese
hackers for attacks on its Exchange Server software. Both countries
have denied responsibility. The attacks have affected at least tens
of thousands of customers, and were detected by private-sector
companies, not government agencies.
"This is a scope, a scale, a level of sophistication that we
hadn't seen previously," said Gen. Paul Nakasone, the director of
the National Security Agency, who also serves as the head of U.S.
Cyber Command. "This isn't simply email phishing attempts -- this
is the use of supply chains, or this is the use of vulnerabilities
we hadn't seen before," Gen. Nakasone said at a hearing held by the
Senate Armed Services Committee.
The incidents highlighted the difficulty of combating hackers,
who can operate across borders, and are sometimes able to evade
detection by using U.S. laws that govern when and where the
military can be deployed, he said. Lawmakers have previously
expressed concerns that such laws create a blind spot for cyber
The NSA, for instance, is only authorized to operate outside
U.S. borders, whereas the Federal Bureau of Investigation and other
agencies are responsible for cybersecurity law enforcement
domestically. Foreign attackers are aware of this and use
U.S.-based servers to launch attacks from inside the country,
effectively bypassing the NSA, Gen. Nakasone said.
"It's not the fact that we can't connect the dots. We can't see
all of the dots," he said.
Gen. Nakasone stopped short of calling for the NSA to be given
the authority to surveil domestic networks when questioned directly
by Sen. Mike Rounds (R., S.D.). He said that there are a number of
ways to tackle the issues revealed by such sweeping and complex
attacks, including enhanced cooperation with the private sector.
The issue of surveillance, he said, carries both policy and legal
concerns and was closely linked to the Fourth Amendment, which
protects against unreasonable searches and seizures.
However, hackers are often able to move faster than authorities,
who have to gain warrants and go through other procedures before
acting, he said, which the attacks on SolarWinds and Microsoft
"I think it's the clarion call for us to look at this
differently," he said. "How do we ensure we have, as a nation, both
the resiliency and the ability to act against these types of
Write to James Rundle at email@example.com
(END) Dow Jones Newswires
March 26, 2021 05:44 ET (09:44 GMT)
Copyright (c) 2021 Dow Jones & Company, Inc.