NSA Oversight, Cyber Command, and Potential Misuse of Private Computers for Cyber Warfare

159 single tasking decision” approved by the FISA court. According to Rajesh De, just assembling these reports involved thousands of hours of manpower. In addition, the President’s Oversight Board required that NSA’s Office of the General Counsel and Inspector General supply it every 90 days with a list of every single error made by every NSA employee anywhere in the world deviating from procedures, including even minor typing errors. These requirements, according to De, inundated a large part of the NSA legal and executive staff in a sea of red tape. Yet, this regulation could not undo surveillance programs such as the one Snowden revealed of Verizon turning over the billing records of its custumers to the NSA, because the NSA was in compliance with the FISA court order (even though, as it turned out in 2015, the FISA court may have erred in interpreting the law.) The NSA’s focus on surveillance may have led to the neglect of its second mission: protecting the integrity of the channels through which the White House, government agencies and military units send information. This task had been made vastly more difficult by the proliferation of computer networks, texting and emails in the 21* century. To protect against cyber attacks against government networks, the Pentagon belatedly created the Cyber Command in 2009. In it, the cyber defense units of the Army, Navy, Marines, and Air Force cyber forces, were merged together in this new command put under the command of the NSA director. NSA director Keith Alexander became the first director of this new command. One problem for the Cyber command was separating attacks by civilians, including criminals, hacktavists and anarchists, from cyber warfare sponsored and supported by adversary states. Since foreign intelligence services often closely imitated the tools of civilian hackers, and were even known to provide them with hacking tools. Even for the Cyber Command, it was not easy challenge to unambiguously determine if the ultimate perpetrator of a cyber attacks was state-sponsored. For example, the identification of North Korea as the principal actor behind the attack on Sony in December 2014 appeared to be a rare success, but many cyber-security experts believed that it might be a false trail used to hide the real attacker. The problem here was that clues can be fabricated in cyber space to point to the wrong party. The job of the Cyber command was to prevent such an attack. To this end, it planted viruses on hundreds of thousands of computers in private hands to act as sentinels to spot other suspicious viruses that could mount such an attack. So private computers became a new battleground in the cyber was. It also built a capability to retaliate. The problem was that, unlike incoming missiles, cyber attacks which were launched through layers of other country’s computers could not be unambiguously traced back to the true perpetrator. This escalation by the Cyber Command set the stage for expanded forms of warfare in Cyber space. “The Chinese are viewed as the source of a great many attacks on western infrastructure and just recently, the U.S. electrical grid,” General Alexander said in explaining the need for this consolidation. “If that is determined to be an organized attack, I would want to go and take down the source of those attacks.” The same retaliation would presumably be used against Russia, Iran or any other adversary. Dominance of cyber space itself now became part of the NSA’s mandate. Even so, the most important job of the NSA remained intercepting secret information from Russia, China, Iran, and North Korea. To this end, it had an annual budget of $12.3 billion and some 35,000 military and civilian employees. In 2012, James Clapper, Jr., the Director of HOUSE_OVERSIGHT_020311