Damage to U.S. national security caused by NSA contractor Edward Snowden will take decades to repair, the White House official in charge of cyber security said Friday.
“Make no mistake: We are going to be dealing with the fallout from that for all of your careers, and the impact that that has had on our national security will reverberate for decades,” Michael Daniel, special assistant to the president for cyber security, told Naval Academy midshipmen.
Daniel, in a speech to the academy’s Center for Cyber Security Studies, also said the Obama administration has adopted a passive approach to offensive and retaliatory cyber attacks against nation states and criminal hackers caught attacking U.S. networks. Cyber attacks are a tool of last resort after diplomacy and law enforcement means are tried, he said.
“We are going to prioritize network defense and law enforcement” before conducting offensive cyber attacks, Daniel said in a wide-ranging speech.
The presidential cyber security official also said the administration opposes placing control of the Internet under foreign governments, despite a recent announcement that the federal government will give up authority over the Internet name server group.
Instead, the administration favors what Daniel called a multi-stakeholder approach to Internet governance involving both governments and the private sector that would protect free speech and dissidents.
Snowden, currently under the protection of the Russian government, stole an estimated 1.7 million classified NSA documents using his access as a computer administrator and by fooling several NSA employees into providing their passwords.
Snowden compromised sensitive “accesses” used by the National Security Agency to conduct electronic spying, along with “techniques and tools that are no longer available to us,” Daniel said, without elaborating.
Daniel said he has spent a huge amount of time over the past year “trying to figure out how to plug the holes that Mr. Snowden revealed that we have in the security of our classified networks.”
Other classified NSA systems are being rebuilt and the Snowden affair also has undermined efforts to focus on other pressing cyber security and national security issues, he said.
The comments on Snowden came in response to a question about whether the U.S. government should offer amnesty to the renegade NSA network administrator to recover the lost secrets, many of which have not been disclosed.
Rick Leggett, head of a special NSA task force in charge of the Snowden leaks, told CBS in December that offering some type of legal deal to Snowden in exchange for the return of classified NSA documents pilfered by Snowden is “worth having a conversation about.”
Daniel said he too would like to find out from Snowden the full extent of the stolen classified documents, a portion of which were disclosed to a few news organizations.
“I think it would be very valuable for us to actually understand in much greater detail everything that was taken,” Daniel said.
Outgoing NSA Director Army Gen. Keith Alexander has said he opposes any amnesty for Snowden. “This is analogous to a hostage-taker taking 50 people hostage, shooting 10 and then say, ‘If you give me full amnesty, I’ll let the other 40 go.’ What do you do?” Alexander said, also on CBS. “I think people have to be held accountable for their actions.”
Snowden is facing espionage charges and U.S. intelligence officials believe the documents he has with him were accessed by Russian and possibly Chinese intelligence.
The most recent Snowden disclosures included classified documents that revealed NSA cyber attacks against China’s Huawei Technologies, a global Internet equipment manufacturer accused by the U.S. government of serving as a covert arm of the Chinese intelligence and security apparatus.
China has been linked by the U.S. government to large-scale theft of U.S. government and private sector data through cyber espionage operations.
On offensive cyber operations, Daniel said he has taken part in “long and torturous debates” in the White House Situation Room on the use of cyber attack capabilities, noting that “these are very, very difficult problems” that will continue to be debated.
Regarding cyber retaliation against the growing threat of increasingly sophisticated cyber attacks, Daniel said deterrence and attributing the source of attacks remains very difficult, and there are complicated polices for retaliatory cyber attacks.
“It’s still very difficult to do really good attribution in cyber space,” Daniel said.
Hackers and foreign nation states do not use computer and network servers labeled “bad guy servers,” he said, noting that they often hijack other people’s networks when conducting attacks.
“So when we consider what we’re doing to actually strike back at some of these things, we have to be very careful,” he said, adding that a counter cyber attack might damage the network that provides electrical power to a hospital or a university.
Still, the administration is working on policy tools that will include cyber attacks in response, although the response will “not always be in cyberspace.”
“The right response might be through diplomatic channels—‘Hey, we know who you are. Knock it off’—and maybe through law enforcement channels,” Daniel said.
Counter attacks against hackers could include digital strikes against “botnets”—networks that have been taken over by cyber attackers and used for malicious activities, he said. For such actions, international cooperation will be needed.
International cyber strikes together with other nations simultaneously will increase the effect of the counterattacks, he said.
“This is hard. We’ve worked at it for several years; we’ve gotten better, but we need to do a lot more in that space.”
Deterring foreign cyber attacks will remain murky and for military cyber warriors will involve an electronic “fog of war” that is similar to its counterpart on conventional battlefields, Daniel said.
On Internet governance, Daniel said the administration is opposing proposals by non-democratic states such as China, Russia, and Iran to place control of the Internet under an international organization.
“It is not enough for us to assume that the status quo that we’ve enjoyed for the last 15 or 20 years that has enabled the Internet to thrive as an open platform are simply going to endure,” Daniel said.
“We face a real risk that the multi-stakeholder approach, this approach that has enabled the platform that is the Internet to bring civilians greater transparency, dissidents a protected voice, and economies increased growth will soon change and not for the better,” he added.
Some governments, which he did not name, favor an intergovernmental approach to Internet governance that would fragment the Internet, slow the pace of innovation, and hamper international economic growth.
The administration instead is favoring a joint government-private sector framework that would protect Internet freedom, he said.
Daniel did not address the administration’s controversial announcement March 14 that the Commerce Department will give up control over nonprofit group Internet Corporation for Assigned Names and Numbers (ICANN) next year.
Former House Speaker Newt Gingrich denounced the move as the removal of U.S. control over a vital resource.
“What is the global Internet community that Obama wants to turn the Internet over to? This risks foreign dictatorships defining the Internet,” he stated in a tweet.
Michele Van Cleave, former national counterintelligence executive, said the potential damage caused by Snowden is staggering.
Van Cleave said one likely impact is that future sources and methods of intelligence collection will be curtailed.
“Snowden’s treachery is especially grave because he exposed how all the parts fit together—the blueprints for how America’s most significant intelligence enterprise actually works—which is also the blueprint for how to defeat it,” she said.
“So what does this mean in real terms? It means that the president may not have the intelligence he needs to have for crucial decisions. Nor will the Congress. We may not see threats we should have seen, never mind opportunities. It means that there may be future attacks that we do not see coming, which otherwise might have been prevented,” Van Cleav said in an email.