President Donald Trump picked a National Security Agency official to lead White House cybersecurity policy issues during a time when NSA surveillance powers are up for discussion and bad blood exists between the NSA and industry.
Rob Joyce began serving as the chief of the National Security Agency’s Tailored Access Operations (TAO) organization in April 2013 and will work for the Trump administration on managing cybersecurity efforts, according to multiple reports.
Tensions between the public and the NSA have mounted since contractor Edward Snowden leaked information about the NSA’s surveillance powers, handled by the TAO team. This term, Congress will have a chance to renew and revise the NSA’s surveillance powers under the Foreign Intelligence Surveillance Act.
Last month, a group of technology industry companies sent a letter to members of Congress urging them to ensure privacy safeguards are maintained when they vote to renew the NSA’s surveillance powers. Trump has also said that he wants the act to be renewed quietly without any changes. Having an experienced leader of the NSA’s TAO in the White House shows Trump’s continuing support of the agency’s surveillance efforts.
Joyce has served at the NSA for more than 25 years as chief of TAO as well as the deputy director of the Information Assurance Directorate (IAD), where he led efforts to protect the county’s critical security systems.
The NSA’s TAO rarely opens up to the public about what they’re working on, making it a mysterious part of the agency.
“I’m from Tailored Access Operations and I will admit that it is very strange–right–to be in that position up here on a stage, in front of a group of people. It’s not something often done,” Joyce said, when he presented in front of an audience at a USENIX conference in 2016.
Industry leaders have argued that the NSA, CIA, and other spy agencies need to be more open with companies by disclosing the cyber vulnerabilities that they find so that companies can fix them and build stronger networks.
“Unfortunately, since everyone uses the same technology in today’s global economy, each of these vulnerabilities also represents a threat to American businesses and individuals,” Daniel Castro, vice president of the Information Technology and Innovation Foundation, said in a blog post Monday. “In the future, rather than hoard this information, the CIA and other intelligence agencies should commit to responsibly disclosing vulnerabilities it discovers to the private sector so that security holes can be patched.”
The NSA does not disclose about 9 percent of the vulnerabilities that it finds, according to Castro.
“For example, the NSA reportedly allowed a major security flaw, known as Heartbleed, to exist for years to gather intelligence on the Internet,” said Castro. “By the time that a Google engineer discovered Heartbleed in 2014, it affected two-thirds of the world’s websites.”
Castro called on the Trump administration to commit to quick disclosure of each vulnerability that agencies find.
“Imagine if the U.S. government were to invest as much on securing U.S.-made products and services as it spends now breaking into them,” said Castro. “By working in partnership with the private sector, the U.S. government could greatly improve security for everyday Americans and make U.S. companies more competitive.”
Joyce mentioned that the NSA has guidelines available for the best ways to protect private networks that can help companies close off vulnerabilities.
“There’s not the secret sauce that goes beyond that inside the protection of classified material for the U.S. government,” Joyce said. “Look at that guide. It really is solid.”