|
|
|
|
|
|
by nickpsecurity
3531 days ago
|
|
|
They just have two: 1. SIGINT. Collect intelligence anywhere from anyone overseas using electronic communications. This includes offensive hacking and black bag jobs they do via other groups. 2. Information Assurance. The only real requirement I've seen is that they protect COMSEC of DOD and defense contractors. There's less requirements saying they protect computer security. I'm not sure they're even required to protect government as a whole. They have no mandate that I've seen to protect Americans. They even make it illegal for Americans to obtain Type 1, TEMPEST-certified, etc products that they recommend to Defense organizations. So, those are the jobs. I'm with Schneier and others on splitting them into two. I'd also expand IAD's mission to cover recommendations for mass market and overall government. For now, NSA has no requirement to protect our computer systems. Hard to say if they even have to protect Defense systems vs COMSEC since other laws paid for by lobbyists say DOD must try to buy COTS stuff that's almost all insecure. Can't mandate buying insecure stuff from nefarious companies plus expect strong security simultaneously. I think it's a legal, grey area they're exploiting for maximal SIGINT. |
|
|