Communications Litigation Today was a Warren News publication.
Delayed Disclosure Sought

Senators Question NSA Director on Surveillance at Cybersecurity Hearing

Gen. Keith Alexander, director of the National Security Agency (NSA), told the Senate Appropriations Committee Wednesday that a pair of controversial NSA surveillance programs was “the right thing to do” to protect Americans, saying “what we are doing does protect Americans’ civil liberties.” Alexander is also commander of the U.S. Cyber Command. NSA’s collection of phone metadata and user data from online services came to light last week following leaks from now-former Booz Allen contractor Edward Snowden (CD June 10 p5). Alexander said during the hearing Wednesday, his first public comments since the leaks, that he wants to disclose further information on the programs to the public -- but he wants to consult further with the U.S. intelligence community to prevent any public information from hurting U.S. security. “We aren’t trying to hide it,” he said.

Wednesday’s hearing was intended to focus on implementation of President Barack Obama’s cybersecurity executive order, including determining whether the $13 billion the White House requested for implementation efforts during fiscal year 2014 is adequate. That budget includes $9.2 billion for the Defense Department, including the U.S. Cyber Command; the Department of Homeland Security (DHS) would get nearly $1.3 billion; while the Department of Commerce, including the National Institute of Standards and Technology (NIST), would get $215 million.

The hearing occurred 120 days after Obama issued the executive order; Wednesday was the deadline for DHS and other agencies to submit reports to the White House to inform how they will implement the order (CD Feb 14 p1). Among those were DHS and other agencies’ reports on expanding the government’s sharing of cyberthreat information with industries the U.S. considers to be critical infrastructure. DHS and other agencies were also set to submit recommendations to the White House on incentivizing companies to follow the voluntary Cybersecurity Framework that industry is developing with support from NIST and DHS. Acting Deputy Homeland Security Secretary Rand Beers told the hearing it has submitted its reports to the Office of Management and Budget. Those reports, like the reports submitted by other agencies, will be submitted for public review after an interagency process, Beers said.

NIST Director Patrick Gallagher said a “whole government approach” is necessary to combat cyberthreats. Besides facilitating development of the Cybersecurity Framework, NIST also partners with industry in other efforts to address cybersecurity issues, including establishment of the National Cybersecurity Center of Excellence (NCCoE), Gallagher said. The NCCoE is a public-private collaboration meant to accelerate development of cybersecurity technologies.

The FBI, like other government agencies, is addressing cybersecurity in the same way it addressed national security post-9/11, said Richard McFeely, FBI executive assistant director-Criminal, Cyber, Response and Services Branch. The agency has experience a “paradigm shift” on cybersecurity operations, he said. “We are now working with our partners to disrupt those behind the keyboard,” particularly through the National Cyber Investigative Task Force, McFeely said.

Committee Chairwoman Barbara Mikulski, D-Md., cautioned other members of the committee that the hearing was meant to focus on U.S. investment in cybersecurity efforts, rather than the NSA programs. The committee wanted to ensure the government avoids “techno-boondoggles,” she said. Those NSA programs would be discussed during a closed hearing set for Thursday to be chaired by Senate Intelligence Committee Chairwoman Dianne Feinstein, D-Calif. Although some questions were directed at Beers, Gallagher and McFeely, much of the focus centered on Alexander. The Senate Appropriations Committee held a closed session Wednesday following the public hearing.

Sen. Patrick Leahy, D-Vt., questioned how often the surveillance programs had been critical in preventing terrorist attacks. Although Alexander declined to provide Leahy and other senators with detailed information on the NSA programs during the hearing, he said they had helped prevent “dozens” of terrorist attacks. The NSA hopes to provide the Senate with the most detailed information on the programs by next week, and hopes to disseminate a declassified version of that information to the public, Alexander said. “I want the American public to know we're being transparent here,” he said.

Sen. Susan Collins, R-Maine, asked Alexander to confirm whether Snowden was correct when he claimed he could wiretap any phone call originating in the U.S. “I know of no way to do it,” Alexander said. Snowden’s leaks on the programs have made the U.S. “less secure than two weeks ago” -- and in some aspects were also incorrect, Alexander said.

The Snowden leaks showed that the government still needs to work on ensuring it has a “well-qualified, well-vetted cyber workforce,” Collins said. Failings in that system allowed Snowden’s hiring at the CIA, where he had received clearance to a “wide array” of classified documents, said Sen. Richard Durbin, D-Ill. Noting that Snowden, a high-school and community college dropout who later earned his GED, received that security clearance at age 23, Durbin asked Alexander if he was troubled by the government giving Snowden the opportunity to access that information. “I have great concerns over that,” Alexander said. But he also said Snowden had “great skills” in the IT arena; the government needs to look into its hiring process, Alexander said.