Former CTO of NSA: ‘See Everything To Protect The Right Things’

Machine-generated data can enhance cyber security, says Prescott Winter during his keynote at .conf 2013

The former tech leader of the US National Security Agency has defended the NSA’s practices of snooping on Internet activity, after a speech which suggested that IT security staff in business must perform similar acts of vigilance.

To keep your organisation secure, you must monitor and log everything that is going on within your enterprise network, according to Prescott Winter, former CIO and CTO of the NSA, who currently works for the security consultancy Chertoff Group. In a keynote at .conf 2013, the worldwide users’ conference for analytics company Splunk, he stressed the need for “strategic thinking” – and then argued that the NSA is keeping a “balance” between surveillance and privacy.

Anyone who uses an Internet-enabled device at work is on the “frontlines” of an online battle, he said, in a talk which concentrated on security within business rather than his experiences at the NSA.

Winter expressed amazement at the complacency of organisations which believe they are not a target for cyber-attacks, and advised that good security starts with “a definition of what matters to your enterprise”, what makes it “special”. A focus on desired business outcomes would guarantee that the company survives any cyber-attack.

“See everything”

“The essence of cyber security problem is to be able to see what’s happening in your enterprise well enough to catch activities quickly and stop damage before it becomes unacceptable,” said Winter. “If you can’t see it, you can’t protect it. See everything to protect the right things.”

The man who spent 27 years of his working life at the US government agency said it was important to have strict security policies, and to have them enforced.

“You’ve got to audit. You have to make sure that people follow the rules. Even if they are not disobeying the rules willingly, people make mistakes, and things that ought to be done in a particular way very often aren’t. And the result is a set of vulnerabilities and weaknesses that will simply leave your enterprise open. We have a phrase for this – inspect, don’t just expect.”

Winter said there was no such thing as perfect security, so it was important for IT staff to learn to prioritise, “focus on the assets that matter” for business success. He also said data analysis needed to be fast, and that’s where new tools like Splunk came into play.

“We had a brilliant project we started in Iraq and Afghanistan several years ago. We had been collecting a lot of intelligence data there, and it had to be shipped back to the states. It took hours to get it there and to get it analysed, for people to look at it. And in the meantime, we had young kids in Humvees driving down dangerous streets, getting killed.”

“The director of NSA [Keith Alexander] said, ‘We have to stop that. Let’s find a way to have that analysis done in the theatre.’ So we could take data, analyse it quickly and get the answers back.”

Winter warned that the rise of the Internet of Things would cause a new generation of security issues and “overwhelm us, if we’re not careful”.

“You need to see the data that counts most. There’s going to be too much of it, there almost is already, as everything gets ‘datified’. Now, the question is, what do you look for and how do you correlate the key things to make sure you get the answers that you need.”

Answering questions from the audience, Winter criticised the idea of ‘security through obscurity’, saying that a well-structured system would always be safer than a fragmented one. He also said that he didn’t think hosting business services in the cloud would be any less secure than having them on servers at the premises.

In conclusion, Winter defended the data collection practices of the NSA, recently exposed by Edward Snowden. “As we see in the United States now, in the wake of the Snowden revelations, the balance between security, which quite frankly requires monitoring and surveillance, sometimes very intrusive, on one hand, and privacy on the other, is a fundamental point in the society, and rightfully so.”

He said that the situation with privacy in Europe was very different from the US, and suggested that nation states had to work together to design policies and regulations consistent with the national norms.
