POV: Politics

NSA needs to take further action to thwart cyber attacks

For most students, going to college marks the beginning of a journey into the world of personal finance. As young adults, we take baby steps into the fiscal world with credit cards, checking accounts and online banking options. According to the Senate Committee on Homeland Security and Governmental Affairs, that makes us a target of Iran.

In this past year, the U.S. banking industry has endured a firestorm of progressively more intense attacks on their computer systems, believed by intelligence officials to be launched from Iran.

These aren’t your average hack-and-jack incidents. They also aren’t the typical distributed denial-of-service assaults, which result in server crashes due to unmanageable amounts of site traffic. The attacks in question are still DDoS assaults, but the volume of traffic flow used to crash these servers greatly exceeds any capacity the industry has been prepared to handle.

Up to this point, these strikes have only wreaked havoc on day-to-day money-lending activities, such as online banking. However, with the dawn of a rocky fourth-quarter earnings season upon us, the last thing executive boards and industry stakeholders want to report is a drop in corporate profits, let alone a loss in overall operational productivity.

Relax. Ahmadinejad doesn’t have your three-digit security code, thanks to the National Security Administration. To ensure that financial privacy remains secure and routine transactions regular, the NSA has been functioning as a consulting firm for banks across the country.

While the NSA is responsible for “information assurance,” it serves the purpose of safeguarding, in this case, “national security systems.” Thus, the NSA believes it is acting “in full compliance with all applicable laws and regulations” when it offers technical help to the banks, it said in a statement. But only a few NSA employees work on a given investigation at a time, trying to uncover how the attack happened and what was compromised and following up the investigation with a proposal of a cutting-edge defense strategy.

Regardless of the fact that the NSA is most likely operating in full conformity within the spectrum of its designated powers, the laws governing its powers are very vague. For starters, the concept of “national security” can be stretched to incorporate just about any area imaginable. The NSA officially has access to any data the banks possess capable of being deemed critical to national security.

So now the government agency home to the Utah Data Center, a.k.a. the NSA Spy Center, has access to personal financial records from major U.S. Banks. As if billions of chronicled phone call conversations from chief wireless carriers don’t provide them with enough information about us.
Why are these banks at the feet of the fed? After all, private financial institutions offer much more competitive salaries to cyber employees than government agencies can afford to give. It’s no secret that these companies are able to recruit the best and brightest for their cybersecurity teams.

I’m not a fan of big government, but if the best cybersecurity analysts can’t stop these attacks – attacks that will ultimately affect all aspects of the fiscal world – the NSA, with oversight to ensure the nature of their actions, should step in and give the counterpunch their all.