U.S. code-cracking agency works as if compromised
By Jim Wolf
WASHINGTON (Reuters) - The U.S. government's main code-making and code-cracking agency now works on the assumption that foes may have pierced even the most sensitive national security computer networks under its guard.
"There's no such thing as 'secure' any more," Debora Plunkett of the National Security Agency said on Thursday amid U.S. anger and embarrassment over disclosure of sensitive diplomatic cables by the web site WikiLeaks.
"The most sophisticated adversaries are going to go unnoticed on our networks," she said.
Plunkett heads the NSA's Information Assurance Directorate, which is responsible for protecting national security information and networks from the foxhole to the White House.
"We have to build our systems on the assumption that adversaries will get in," she told a cyber security forum sponsored by the Atlantic and Government Executive media organizations.
The United States can't put its trust "in different components of the system that might have already been violated," Plunkett added in a rare public airing of NSA's view on the issue. "We have to, again, assume that all the components of our system are not safe, and make sure we're adjusting accordingly."
The NSA must constantly fine tune its approach, she said, adding that there was no such thing as a "static state of security."
More than 100 foreign intelligence organizations are trying to break into U.S. networks, Deputy Defense Secretary William Lynn wrote in the September/October issue of the journal Foreign Affairs. Some already have the capacity to disrupt U.S. information infrastructure, he said. Continued...