HOUSE_OVERSIGHT_020311.jpg

159

single tasking decision” approved by the FISA court. According to Rajesh De, just assembling
these reports involved thousands of hours of manpower. In addition, the President’s Oversight
Board required that NSA’s Office of the General Counsel and Inspector General supply it every
90 days with a list of every single error made by every NSA employee anywhere in the world
deviating from procedures, including even minor typing errors. These requirements, according to
De, inundated a large part of the NSA legal and executive staff in a sea of red tape. Yet, this
regulation could not undo surveillance programs such as the one Snowden revealed of Verizon
turning over the billing records of its custumers to the NSA, because the NSA was in compliance
with the FISA court order (even though, as it turned out in 2015, the FISA court may have erred
in interpreting the law.)

The NSA’s focus on surveillance may have led to the neglect of its second mission: protecting the
integrity of the channels through which the White House, government agencies and military units send
information. This task had been made vastly more difficult by the proliferation of computer networks,
texting and emails in the 21st century. To protect against cyber attacks against government networks, the
Pentagon belatedly created the Cyber Command in 2009. In it, the cyber defense units of the Army, Navy,
Marines, and Air Force cyber forces, were merged together in this new command put under the command
of the NSA director. NSA director Keith Alexander became the first director of this new command. One
problem for the Cyber command was separating attacks by civilians, including criminals, hacktavists and
anarchists, from cyber warfare sponsored and supported by adversary states. Since foreign intelligence
services often closely imitated the tools of civilian hackers, and were even known to provide them with
hacking tools. Even for the Cyber Command, it was not easy challenge to unambiguously determine if the
ultimate perpetrator of a cyber attacks was state-sponsored. For example, the identification of North Korea
as the principal actor behind the attack on Sony in December 2014 appeared to be a rare success, but many
cyber-security experts believed that it might be a false trail used to hide the real attacker. The problem
here was that clues can be fabricated in cyber space to point to the wrong party.

The job of the Cyber command was to prevent such an attack. To this end, it planted viruses on
hundreds of thousands of computers in private hands to act as sentinels to spot other suspicious viruses that
could mount such an attack. So private computers became a new battleground in the cyber was. It also
built a capability to retaliate. The problem was that, unlike incoming missiles, cyber attacks which were
launched through layers of other country’s computers could not be unambiguously traced back to the true
perpetrator.

This escalation by the Cyber Command set the stage for expanded forms of warfare in Cyber space.
“The Chinese are viewed as the source of a great many attacks on western infrastructure and just recently,
the U.S. electrical grid,” General Alexander said in explaining the need for this consolidation. “If that is
determined to be an organized attack, I would want to go and take down the source of those attacks.” The
same retaliation would presumably be used against Russia, Iran or any other adversary. Dominance of
cyber space itself now became part of the NSA’s mandate.

Even so, the most important job of the NSA remained intercepting secret information from
Russia, China, Iran, and North Korea. To this end, it had an annual budget of $12.3 billion and
some 35,000 military and civilian employees. In 2012, James Clapper, Jr., the Director of

HOUSE_OVERSIGHT_020311