NSA on cyber attacks and Microsoft collaboration

Government Computer News reports that at a hearing entitled “Cybersecurity: Preventing Terrorist Attacks and Protecting Privacy in Cyberspace”, held two days ago by the Senate’s Subcommittee on Terrorism and Homeland Security, the NSA’s information assurance director, Richard Schaeffer Jr., stated that there are three security measures that (if implemented) could thwart the majority of attacks directed at these computer systems.

“We believe that if one institutes best practices, proper configurations and good network monitoring that a system ought to be able to withstand about 80 percent of the commonly known attack mechanisms against systems today,” he declared and said that hardening thus a network forces the cyber criminals to use more sophisticated attacks, which significantly raises the risk of detection.

Schaeffer also noted that the NSA has been working for years now with software and hardware vendors – helping them with the development and distribution of configuration guidance. They have also assisted Microsoft (along with other government agencies and institutes) with generating a standard security configuration for its operating system for the past 5 years.

They worked together on the new Windows 7, the release of which was soon followed by the issue of the security configuration guide for it.

According to Computerworld, this fact isn’t looked favorably upon by some. Marc Rotenberg of the Electronics Privacy Information Center (EPIC) is worried that NSA pushed for building in backdoors to the system, to allow for monitoring of user activity and communication.

Others such as Roger Thompson, chief research officer at AVG Technologies, and Andrew Storms of nCircle Security, doubt that this was one of the results of the partnership. “I can’t imagine NSA and Microsoft would do anything deliberate because the repercussions would be enormous if they got caught,” said Thompson.

Microsoft has yet to comment on any of this.