Sabotaging one of Obama's Top Priorities: NSA Undermines Internet Security
The NSA Isn't Just Spying on Us, It's Also Undermining Internet Security
As part of its push for mass surveillance, the spy agency has taken steps to sabotage one of Obama's top priorities.
<snip>
The leaks from Edward Snowden have revealed a variety of efforts by the NSA to weaken cybersecurity and hack into networks. Critics say those programs, while helping NSA spying, have made U.S. networks less secure.
According to the leaked documents, the NSA inserted a so-called back door into at least one encryption standard that was developed by the National Institute of Standards and Technology. The NSA could use that back door to spy on suspected terrorists, but the vulnerability was also available to any other hacker who discovered it.
NIST, a Commerce Department agency, sets scientific and technical standards that are widely used by both the government and the private sector. The agency has said it would never deliberately weaken a cryptographic standard, but it remains unclear whether the agency was aware of the back door or whether the NSA tricked NIST into adopting the compromised standard. NIST is required by law to consult with the NSA for its technical expertise on cybersecurity.
The revelation that NSA somehow got NIST to build a back door into an encryption standard has seriously damaged NISTs reputation with security experts.
NIST is operating with a trust deficit right now, Soghoian said. Anything that NIST has touched is now tainted.
Its a particularly bad time for NIST to have lost the support of the cybersecurity community. In his executive order, Obama tasked NIST with drafting the cybersecurity guidelines for critical infrastructure such as power plants and phone companies. Because its an executive order instead of a law, the cybersecurity standards are entirely voluntary, and the U.S. government will have to convince the private sector to comply.
<snip>
http://www.nationaljournal.com/daily/the-nsa-isn-t-just-spying-on-us-it-s-also-undermining-internet-security-20140429