*NSA reaching out to private sector on cybersecurity
*Secretive agency increasingly out in public view
By Tabassum Zakaria
ORLANDO, Fla., Sept 20 (Reuters) - Anthony Stramella, an official with the National Security Agency’s Threat Operations Center, is more aware than most of how information from computers, telephones and other devices can be tampered with or end up in the wrong hands.
So when he bought a personal computer that he only uses for e-mail at home and saw it had a webcam, he promptly covered it with duct tape. And the cellphone he uses is a $15 model that can do only one thing — make phone calls.
That prompted his daughters, with multiple apps on their phones, to tease that he was a “caveman.” But Stramella says he’s just fine: “I can live in that world, my kids can’t.”
In a sign of how Stramella’s world has changed, too, the NSA official — who says his father worked at NSA and would never tell him what his job was at the agency — was speaking openly at an NSA-sponsored cybersecurity conference in Florida. About 600 people from technology companies, the government and even the media attended.
“I have not seen the (cyber) threat decline, I have seen it increase not only in numbers but in sophistication,” Stramella said. “The threat is huge, it’s real, and it’s growing.”
The NSA, which protects government networks from cyber attacks and conducts electronic eavesdropping to thwart national security threats, has a history of operating as an invisible member of the U.S. intelligence community.
An old joke was that NSA stood for No Such Agency or Never Say Anything, and for years there was not even a road sign marking its location. Employees routinely told friends and neighbors they worked for “the Department of Defense.”
But that was before the world became technology driven. NSA, which in earlier years developed its computer needs almost exclusively in-house, finds it makes more sense now to reach out, sharing knowledge with the private sector which can improve upon it and develop applications that can help with security for both the government and the public.
“There is a conscious, strategic shift. There are people who are very uncomfortable with that, including people who work for us,” Tony Sager, chief operating officer for NSA’s Information Assurance Directorate, said in an interview.
Sager, who has worked at NSA for almost 34 years, said he is a cheerleader for reaching outside of government. “We’re IT (information technology) geeks. You get to meet all these brilliant people, be on the leading edge of technology, feel like you have a hand in improving it. It’s a very exciting place to be for the government.”
After a series of high-profile cyber intrusions this year into the International Monetary Fund, major defense contractors and other companies such as Google (GOOG.O), cybersecurity increasingly is on the public’s radar.
But some civil liberty watchers, who tend to be suspicious of anything to do with NSA, may not relish a greater public role for the intelligence agency, whose technological wizardry was given an Orwellian cast in the 1998 thriller “Enemy of the State.”
“There is strong and universal respect for the technical expertise of NSA,” Sager said. The cycle “gets hot and cold” when it comes to public perception, politics and other factors, but he said when he gives speeches the reception is overwhelmingly positive.
The current climate of U.S. budget austerity will make partnerships with private industry “dramatically even more important,” Sager said.
“There is just no way the nation can afford having the government building government stuff as a separate thing,” he said. “So I think the economics are actually turning in favor of cooperation.”
And the NSA remains tight-lipped about the flip-side of its cybersecurity duties: defeating others’ defenses to intercept and decode electronic data on everything from terrorist plots to Chinese missile tests.
One example the NSA gives of a successful collaboration is with Fixmo Inc. which received technology developed by NSA, improved on it to protect mobile devices by scanning a smartphone, creating a digital fingerprint, and then after the user returns from a trip the mobile device is scanned again to see if anything changed. The company gave back the improved technology to NSA and also sells it commercially.
“Probably the biggest theme for us right now is around mobility,” Sager said. “If your security model is all about control — stop people from carrying their stuff across the doorway, I can decide exactly who’s logged in — that world has disappeared.”
“People want to be anywhere in the world, get access back to their home file system, and be able to communicate with people,” he said. And they want that protected.
The three-day conference started on Tuesday with a cartoon video similar to the “Jetsons” to show the future ideal where the main character “Bob” cannot take classified information out of the building or it will be erased because of an encrypted chip, cannot be tricked into connecting to the wrong server, and the black-hatted villainous hacker is foiled at every turn.
That is what the hope is for the future, but current defenses are “just simply not enough,” said Michael Lamont, chief of NSA’s Network Solutions Office. “It’s clear that we’ve got to improve our performance. We need to apply some game-changing technology.” (Editing by Warren Strobel and Cynthia Osterman)