NSA deputy Chris Inglis pledges ‘more transparency’
By Gordon Corera Security correspondent, BBC News
The US electronic spy agency is committed to being more transparent, a senior official has told the BBC.
In a rare interview on a recent visit to London, National Security Agency (NSA) Deputy Director Chris Inglis spoke to the BBC about cyber-security.
His comments came in the wake of revelations about the agency’s work from former contractor Edward Snowden.
Mr Snowden’s leaks sparked a debate about secrecy and the scale of the agency’s powers.
In the interview, Mr Inglis said there was a need to consider the balance between secrecy and transparency in order to have the public’s confidence.
With the world becoming more reliant on the internet, Mr Inglis outlined concerns over three threats in cyberspace: the theft of intellectual property and secrets; disruption of networks (for instance, attacks that have taken websites of American banks offline in recent months); and destructive acts such as those that targeted Saudi Aramco last year, destroying tens of thousands of computers.
NSA had a responsibility from way back, from our earliest days to both break codes and make codes”
Chris Inglis NSA Deputy Director
“There is no failure of imagination in this space,” he said of those seeking to exploit the internet.
Dealing with threats requires more being done by both the private sector and the government to better defend networks and deter adversaries, he said.
Responses to cyber attacks – such as those on American banks, which many commentators believe came from Iran – needed to be carefully thought through and might involve a range of tools, the NSA’s number-two said.
“If at the end of the day we were to determine that those were attributable to another nation state, then surely we might think that is then the crossing of a red line,” Mr Inglis said. “But the response should be proportionate,” adding that it may come from the private sector rather than government.
Dealing with commercial espionage in cyberspace, he said, might also involve a range of measures including private or public diplomatic pressure and the targeting of individuals for criminal prosecution.
The job of the NSA, Mr Inglis said, was to exploit networks to collect intelligence in cyberspace and to defend certain networks – but not carry out destructive acts.
“NSA had a responsibility from way back, from our earliest days, to both break codes and make codes,” he said. “We have a responsibility to do intelligence in a space we once called the telecommunications arena – now cyberspace – and the responsibility to make codes or to defend signals communications of interest.
“That’s different than what most people conceive as offence or attack in this space.”
‘People are nervous’
That task of destructive cyber attack, if ordered, lies with the US military’s rapidly expanding Cyber Command.
However, both the NSA and Cyber Command are led by the same man – General Keith Alexander – because the three fields of exploiting, defending and attacking are closely related.
“We realised a long time ago that the predicate for all those actions is first understanding how cyberspace works,” Mr Inglis said. “Second: finding, fixing, holding in your mind’s eye the thing that you would either defend, or exploit or attack. And then – and only then – do you make that final choice about what you are going to do about that.
“At least in the military component, the US has chosen to invest all those things in a single person such that that person may then orient and synchronise those activities in a way that they complement each other.”
Mr Inglis has worked for more than 25 years in the NSA, the last seven as deputy director, the highest-ranking civilian.
There is no doubt that the last few months will have been the most difficult as the NSA – which was so secret people used to joke that its initials stood for “no such agency” – has been thrust into an uncomfortable spotlight by the leaks by Mr Snowden.
“I do think there needs to be more transparency,” Mr Inglis told the BBC.
“We’ve had a discussion many times across the summer about the need to perhaps rebalance the balance between national security and civil liberties,” he said.
“I don’t think that is the case. I think that both of those must be given equal and full support. I don’t think that we trade one for the other.
“But I do think we have to consider the balance between secrecy and transparency in order to have the public’s confidence or [that of] those who stand in the shoes of the public and act on their behalf, say in the Congress,” Mr Inglis added. “There needs to be greater transparency and we are committed to that.”
The revelations from Mr Snowden have indicated a scale of capability that has surprised even close observers of the NSA and its British partner GCHQ, and this has raised concerns over whether the capabilities are sufficiently accountable.
“I can appreciate that people are nervous,” Mr Inglis said.
“And we ourselves at NSA need to respect that and therefore offer up whatever is necessary in terms of transparency to secure the confidence of our overseers and beyond them the American public – and for that matter allies.”
One of the tensions for the NSA over many years is the balance between its two roles of defending networks and exploiting them for intelligence.
The most controversial revelation within the cyber security community was the claim that the NSA had been deliberately weakening some of the security protocols surrounding encryption, either by introducing back doors or by modifying international standards to ensure it could gain access to gather intelligence on its targets.
“What we have found over time is that our adversaries are using precisely the same communication systems, services, pathways as our citizens,” Mr Inglis told the BBC.
“But in pursuing our adversaries we must also defend our citizens,” he said. “We must not hold them at risk. And so we do try to crack the encryption used by terrorists and other adversaries in that system. We need to make sure that we do not hold at risk the encryption that is used by US citizens.”
“So that’s rule one and we do in fact find ways to do precisely that,” he added. “It is false to imagine or say that NSA broadly has the capability to decrypt most of the encryption that is used by any citizen in the world but in particular US citizens.”
The revelations by the Guardian newspaper that the NSA was collecting metadata about US communications raised concerns that the agency was getting involved in domestic surveillance.
Mr Inglis argued that this collection operated under constraints.
“Beyond saying that I’m not Big Brother I think we are committed to demonstrating we are not Big Brother,” he said, adding that this would involve illuminating the controls on the NSA’s actions and performance statistics on those controls.
Even beyond the revelations by Mr Snowden, the role of the NSA in cyberspace and the resulting questions of where responsibility lies for defence, intelligence gathering and attack mean the agency is unlikely to be able to retreat back into the secrecy that it enjoyed for so long.