National Security Agency Headquarters in Maryland.
Photograph Courtesy of the Department of Defense.
The New York Times published an article on January 18 alleging that the NSA and the U.S. government had long been monitoring North Korean cyber activity. At one point, the NYT article included a passage that seemed to hint that the NSA failed to notice what the North Koreans were doing to Sony.
In recent weeks, investigators have concluded that the hackers spent more than two months, from mid-September to mid-November, mapping Sony’s computer systems, identifying critical files and planning how to destroy computers and servers.
“They were incredibly careful, and patient,” said one person briefed on the investigation. But he added that even with their view into the North’s activities, American intelligence agencies “couldn’t really understand the severity” of the destruction that was coming when the attacks began Nov. 24.
This isn’t a direct accusation of failing to stop the cyber attack. However, it could be perceived as one, and by extension as saying that the NSA failed to stop it.
But one thing that people have overlooked is that the NSA may not have been the lead agency tasked with stopping this attack. The Department of Homeland Security may have been.
The New York Times reported in 2010 that the “Pentagon Will Help Homeland Security Department Fight Domestic Cyberattacks.” This article included passages indicating that DHS, and not the NSA, is actually the lead agency responsible for defending against domestic cyber attacks.
Under the new rules, the president would approve the use of the military’s expertise in computer-network warfare, and the Department of Homeland Security would direct the work.
Officials involved in drafting the rules said the goal was to ensure a rapid response to a cyberthreat while balancing concerns that civil liberties might be at risk should the military take over such domestic operations.
The rules were deemed essential because most of the government’s computer-network capabilities reside within the Pentagon — while most of the important targets are on domestic soil, whether within the government or in critical private operations like financial networks or a regional power grid.
This news certainly made it sound as if DHS was in charge of domestic cyber protection in 2010.
And it is unlikely that this arrangement changed between 2010 and the time of the North Korean cyber attack on Sony. The DOD issued a press release on July 17, 2014, making it sound as if DHS remained the lead agency for defending against cyber attacks.
Partners from across government, academia, industry and the international coalition recently completed Cyber Guard 14-1, a two-week exercise designed to test operational and interagency coordination as well as tactical-level operations to protect, prevent, mitigate and recover from a domestic cyberspace incident.
Elements of the National Guard, reserves, National Security Agency and U.S. Cyber Command exercised their support to Department of Homeland Security and FBI responses to foreign-based attacks on simulated critical infrastructure networks, promoting collaboration and critical information sharing in support of a “whole-of-nation” effort. . . .
DHS is the lead for coordinating the protection, prevention, mitigation of, and recovery from a cyber incident. The Justice Department and the FBI are responsible for the investigation, attribution, disruption and prosecution of domestic cyber crimes, as well as the collection, analysis and dissemination of domestic cyber threat intelligence. DoD is responsible for defending the nation from attack, collecting, analyzing and distributing foreign threat intelligence, and supporting DHS in their protection, prevention and recovery role.
The articles and press release are not enough to say definitively that DHS bears primary responsibility for defending the homeland against cyber attacks. Nor are they enough to say that DHS bore primary responsibility for defending against the North Korean cyber attack on Sony, since Sony is a corporation headquartered overseas.
However, the articles and press release should be enough for the media to start asking questions about which agency bears primary responsibility for defending domestic entities against cyber attacks, and whether it was DHS or NSA that was the lead agency with regard to the North Korean cyber attack on Sony.