That's not exactly what this article says--but it's close. The NSA--our nation's most effective spy agency--is going to adopt major new duties in policing our public internets.
In a major shift, the National Security Agency is drawing up plans for a new domestic assignment: helping protect government and private communications networks from cyberattacks and infiltration by terrorists and hackers, according to current and former intelligence officials.
The plan calls for the NSA to work with the Department of Homeland Security and other federal agencies to monitor such networks to prevent unauthorized intrusion, according to those with knowledge of what is known internally as the "Cyber Initiative." [my emphasis]
Note the sources and level of classification and the implications of this move.
Details of the project are highly classified.
Current and former intelligence officials, including several NSA veterans, warned that the agency's venture into domestic computer and communications networks -- even if limited to protecting them -- could raise new privacy concerns.
"If you're going to do cybersecurity, you have to spy on Americans to secure Americans," said a former government official familiar with NSA operations. "It would be a very major step."
A former senior NSA official said the difference between monitoring networks in order to defend them and monitoring them to collect intelligence is very small.
The former officials spoke on condition of anonymity to protect relationships with intelligence agencies. [my emphasis]
I'm guessing George Bush is going to be at least as pissed about this story getting out as he was pissed about the hospital confrontation story getting out. They're planning to spy on Americans, this is a big new deal, and they're not actually telling us about it.
The article provides some details about the scope of the program. The article mentions networks running our power grid, nuclear plants, and smart cards that run building and computer security. Now to be fair, security of these networks is a real issue. As the article points out, a serious hack attack could bring down the electrical grid. As someone who remembers what it's like for a whole region to lose power for just 3 days, it would be really devastating if it were more sustained or widely dispersed. And as the article also points out, the Chinese can already hack at will, which means we're pretty vulnerable for a country pretending to be an uncontested superpower.
I suspect one of the reasons for involving the NSA is to put the efforts to guard against hacking under the same power of obligation as we do spying. Bush has already been through about 5 or 6 cybersecurity czars: Richard Clarke from 2001 to 2003, Howard Schmidt for just three months after that, Rand Beers for a month, Amit Yoran from later in 2003 to 2004, I'm missing one from 2004 to 2005, it went vacant for a year, then Greg Garcia for the last year. One after another one quits because Bush won't force private companies to cooperate, which makes cybersecurity difficult if not pointless. Yoran is quoted in this article as describing that as the problem with US cybersecurity.
Among the main challenges, he said, is that the Homeland Security Department has been given responsibility for the problem but lacks the authority and expertise to compel other agencies and the private sector to follow its lead.
The NSA has the expertise and the authority--particularly with the amended FISA--to compel communications companies to work with it. And don't forget that there's that broad-ranging definition in the amended FISA of targets "relating" to foreign intelligence--as cybersecurity could be understood to include.
Gorman gives one more hint about the direction of this program.
The new cybersecurity effort aims to build, in part, on an existing NSA program, code-named Turbulence, which has had a troubled start, the senior intelligence official said.
Turbulence is a program that has already caused headaches, both because of the creative funding used for it (hiding it from Congressional oversight) and its disorganization.
Dubbed 'Turbulence,' the NSA's ambitious effort is part bloodhound and part attack dog. It attempts to continuously troll cyberspace to sniff out threats from terrorists and others, then rapidly tip off analysts who can mobilize defenses. With the potential to be a powerful anti-terror weapon, it has become NSA Director Lt. Gen. Keith B. Alexander's top priority.
With annual costs approaching $500 million, Turbulence is so secret that its existence has never been revealed publicly. Inside the agency, Turbulence's most sensitive activities are sequestered behind passwords known to few.
Turbulence also appears to be aptly named. Delays, technical problems and what critics call a vague game plan have sparked rising skepticism inside the agency and in Congress. Even Alexander has been growing increasingly impatient, former NSA officials said.
Early tests of the Turbulence technology 'are not going very well,' said a former top NSA official who maintains contact with agency colleagues. 'They have had trouble with the delivery.'
Meanwhile, lawmakers have been angered by the NSA's method of funding Turbulence, which more than a year into its existence does not appear anywhere in the agency's budget, according to current and former officials. The NSA, they said, has funneled money from older, largely defunct programs into new ones that are part of Turbulence while breaking up the initiative into smaller programs - limiting Congress' oversight.
With Democrats in control of Congress, Turbulence is expected to come under greater scrutiny.
Turbulence includes nine core programs, with intriguing names such as Turmoil, Tutelage and Traffic Thief. Among their goals: mapping social networks based on intercepted communications, embedding technology on networks to collect data, and searching for patterns across hundreds of NSA databases.
Put two and two together, and it appears that this is an effort to use the NSA's ability to compel cooperation to apply it to the search for domestic hacking, using social networks and databases. I can see why that would raise privacy concerns.