THE US NSA (National Security Agency) has admitted that it builds systems on the assumption that they're broken because "there's no such thing as 'secure' any more".
The US agency charged with protecting classified material made the startling admission that its computer networks are fallible. In fact, the agency went one further and said it operates on the assumption that it has already been hacked.
The head of the NSA's Information Assurance Directorate, Debora Plunkett made the statement just days after the US started scratching its head trying to come up with some sort of extradition case against Wikileaks founder Julian Assange. Wikileaks has published a massive trove of classified US material that has embarrassed the US government.
"The most sophisticated adversaries are going to go unnoticed on our networks," she said at a cyber security forum.
Which is strange, given that Assange got most of his information in the time-honoured fashion of journalism, from a source. No hacking, no malware and no bespoke code to extract information from the NSA. Just person A giving person B information he had that the government C didn't want person B telling the world plus dog.
However, Plunkett added, "We have to build our systems on the assumption that adversaries will get in."
We can infer from Plunkett's statements that she wanted to put the NSA in a good light, that it has prepared for every possible contingency and is flexible enough to deal with any threat.
"We have to, again, assume that all the components of our system are not safe, and make sure we're adjusting accordingly," Plunkett continued.
But all that has done is demonstrated that the world's most powerful nation assumes that it has vulnerabilities in its information security defences. That is probably a very realistic assumption. µ
Hold the front page
Bluesky's the limit
Might need to come up with a better name though
There's an app for *that*