LAS VEGAS. Twenty years ago, spotting the "fed" at the DEFCON hacker conference was a sport. Today, one of the top feds in the U.S. intelligence community made that sport real easy, by taking the keynote stage here at DEFCON.
General Keith Alexander, Director of the National Security Agency (NSA), Chief of the Central Security Service (CSS), and Commander of the United States Cyber Command, came on stage out of his military uniform. Instead he wore a DEFCON Kids shirt, voicing his support at multiple points during his talk for the DEFCON effort that trains children in the hacker arts.
Alexander noted that he came to DEFCON to meet people -- such as representatives from the Electronic Frontier Foundation (EFF).
"We can protect the network, have civil liberties and privacy -- and you can help us get there," Alexander told the capacity audience. "We can do both and we need to do both."
Alexander noted that there are tremendous vulnerabilities that need to be addressed on the internet today. Many big-name companies are being hacked, and he noted that it is likely that 100 times more companies have been hacked and aren't aware they have been breached.
The general also noted that he is worried that cyber attacks could have a physical impact, and to that end he stressed that it is a shared responsibility to secure the Internet.
"This is all about our future, we can't sit on the sidelines or let others that don't understand this space tell us what to do," Alexander said. "That's why I came here, to solicit your help."
General Keith Alexander, Director of the National Security Agency, speaks at DEFCON. Photo by the author.
Cryptography and World War II
Alexander offered a historical perspective on the critical role that cryptography has played in intelligence and why the NSA has to keep secrets. Alexander talked about codes broken by the Allied Powers in World War II including Purple, JN-25, Ultra and the German Enigma.
"If the Germans knew we could break the codes, the war may have come out vastly different," Alexander said. "That's why the government has secrets, to keep them from our adversaries."
On the modern battlefield, Alexander said that the job of the NSA and Cyber Command is to protect the nation from cyber attack.
"But here's the issue, if we can't see an attack how do we stop it?" Alexander asked. "That's where we are right now."
The NSA does have efforts to try to see those future risks. One of them is an effort with industry called DIB (Defense Industrial Base) Pilot. Under DIB Pilot, private industry provides tips about potential attacks by sending log files from network security devices.
"Think of us as the fireman on the network or the easypass on the highway," Alexander said. "When you go down the highway with easypass, you're sending code and the system is not looking into your car, it's just getting the code. What we need for cyber is something analogous to that."
Alexander also went to great pains to debunk the myth that the NSA has files on every American.
"No we don't have a file on every American, it's just not true," Alexander said.
He explained that his agency is accountable to multiple branches of the U.S. government and there is a lot of oversight. Alexander also stressed that the NSA shares what it can to provide for the common defense of the U.S.
"When we find vulnerabilities we share with industry," Alexander said.
He added that the NSA doesn't always share its data directly, as much of the information is typically shared through the FBI and DHS. He noted that many vulnerabilities were found working with people in the hacker community present at DEFCON.
"We can take cyber security to the next level," Alexander said.