NSA works to automatically detect attacks, return strikes from foreign adversaries

The MonsterMind program was being developed as recently as last year, reports reveal.

A developing NSA program called “MonsterMind” would allow the intelligence agency to automatically detect attacks from foreign adversaries, and even retaliate with cyber strikes as a means of defusing future attacks, new reports reveal.

On Wednesday, Wired published a profile of former NSA contractor Edward Snowden, who disclosed details on the MonsterMind operation. That day, the outlet also highlighted the program in a separate article by Kim Zetter.

Snowden told Wired that the NSA aimed to make use of mass collections of metadata, applying algorithms that could help the government isolate malicious traffic from normal cyber activity and, in doing so, erect a defense system with immediate detection and response capabilities.

Zetter's article also detailed how, under the program, foreign cyber attacks could be deterred quickly through reprisal.

“Snowden suggests MonsterMind could one day be designed to return fire – automatically, without human intervention – against the attacker,” Zetter wrote. “Because an attacker could tweak malicious code to avoid detection, a counterstrike would be more effective in neutralizing future attacks.”

The program, which was being crafted by the NSA as recently as last year, would fall well within the category of “active defense” strategies taken to thwart cyber attacks. Such measures range from using deception to trick hackers, to legal efforts (like shutting down botnets), to more extreme tactics, like striking back against an adversary's infrastructure, which many in the security community have argued against.

Last week, Jarno Limnell, director of cyber security at McAfee, wrote at length on the dangers of “fighting fire with fire,” as a means of stopping attackers.

In addition to the legal and ethical concerns raised, he said, offensive actions can quickly escalate in ways unwanted by those hoping to actively protect their assets from adversaries.

“As has been the case on many occasions in the history of the physical world, offensive actions can easily lead to greater problems, and the danger of escalation is always present,” Limnell wrote. “In today's digitally interconnected world there is also a huge potential for unpredictable side effects and collateral damage from aggressive actions.”

The practice also gives rise to questions of proper conduct in cyberspace, which has become a “Wild West” in its own right, he added.
