At a pair of hearings on Wednesday and Thursday that dissected the U.S. intelligence community's annual Worldwide Threats Report, National Security Agency and U.S. Cyber Command Director Paul Nakasone again pushed back against a brewing Senate plan for the NSA to monitor domestic networks for foreign hackers.
"I've said I'm not seeking legal authorities either for NSA or U.S. Cyber Command," said Nakasone.
Dating back to the first SolarWinds hearing, senators have suggested expanding NSA powers to solve a key blind spot in U.S. intelligence: What happens when nation-state hackers use U.S. computer systems to launch attacks? The NSA is not chartered for domestic surveillance, meaning a foreign government that routs an attack through a cloud system in Kansas eliminates some visibility for the intelligence community. This was one element of the SolarWinds campaign and other campaigns launched by foreign governments.
The FBI, traditionally, handles law enforcement and counter-terrorism on U.S. soil.
There have been two main proposals on how to address the issue, in addition to an executive order signed by the Trump administration last year. One group, including Senator Angus King, I-Maine, proposed expanding NSA visibility to domestic infrastructure. Another, including Senator Mark Warne, D-Va., proposed requiring organizations who become aware of espionage campaigns in their systems to contact a government authority. The Trump administration signed an executive order last year for cloud providers to create Know Your Customer laws, making it more difficult for foreign hackers to rent domestic systems for launching attacks.
Nakasone said the blind spot issue is a legitimate threat: "When an adversary decides that they're going to conduct an intrusion into a U.S. company or U.S. government agency, they realize that if they come into the United States, and use an internet service provider in a period of time, they can quickly conduct operations and virtually not have any coverage in a timely manner from [the FBI's] ability to do surveillance."
"They understand the timeline that it takes for a warrant to be done, and so they are able to expose this gap," he added.
But Nakasone and other intelligence officials at the hearings were more supportive of the proposed requirement to notify the government of attacks. Director of National Intelligence Avril Haines described it as a "useful" policy; FBI Director Christopher Wray described it as "one of the places where the most significant progress could be achieved."
Warner ended the hearing saying the Senate Intelligence Committee would soon produce a incident notification bill. A House bill is already in the works.