NSA cyber-defense chief: ‘I have never been more busy’ – FedScoop

This report first appeared on CyberScoop.

The man responsible for leading the National Security Agencys defensive mission says his team is fielding more calls than ever from agencies across the government.

Dangerous, highly capable hackers and a desire by agencies to adopt cloud technology have increased the workload forInformation Assurance chief Paul Pitelli and his office, which he says is sort of like the Geek Squad for defense in government.

Pitelli is acareer professionalwho has served in the NSA for more than 20 years as the secretive spy agency transformed into what it is today a highly sophisticated technology behemoth with an array of federal responsibilities, including both signals intelligence and protecting sensitive government systems. With the recent retirement of former Information Assurance Directorate head Curtis Dukes, a renown computer scientist and intelligence community icon, Pitelli took on an increased role in an ever important effort to ensure that the Defense Department and broader government arent hacked.

Well get a wide range of calls from Hey were trying to set up a whole new [information technology] environment and that could be the White House calling, Pitelli said.

A big focus in recents years for Information Assurance, according to Pitelli, has been helping a variety of different federal agencies establish secure cloud data storage processes.

I have never been more busy, Pitelli told CyberScoop in an interview Thursday after he spoke at the McAfee Security Through Innovation Summit.We are getting calls because they all need help. Everyone wants to take advantage of cloud services, thats sort of one thing were getting called for, but its also traditional issues because our nation is being constantly attacked. Were one of the few agencies that get to see when and how the adversary starts operating.

Federal lawmakers have increasingly encouraged agencies in recent years to adopt cloud data storage technologies as a way to both save costs and phase out old on-premise servers.

Because of the economics of cloud services theres so much incentive [for agencies] to migrate many of their capabilities, Pitelli said. A lot of people in government want the NSAs help.

Nobody in government wants to be the next to suffer a hack like the2015 data breach that exposed federal employee information held by theOffice of Personnel Management, he said.

So were getting a lot of calls where its basically, Hey we want to make this move, but how do we do it well? Pitelli said.

Turnoverat the White House also adds to the Information Assurance divisions current workload.

With a change of administration, you know, they typically take a fresh look. And for us thats an opportunity because it allows us to sometimes make an [IT] environment better, Pitelli said. The cyber dimension is adding, on one hand, what you can call issues or events, but I think can be opportunities.

Historically, Fort Meades defensive efforts in cyberspace have been overshadowed by the spy agencys more offensive-centric, intelligence gathering mission set. This is evident from a labor perspective, given that the NSAs Signals Intelligence workforce remains much larger than the Information Assurance unit.

An overwhelming majority of budget dollars are allocated to offense rather than defense, former intelligence officials say, and thats resulted in an agency that is known almost exclusively for digital espionage rather than cyber-defense.

Dukes, former IAD head Debora Plunkett and departing NSA Deputy Director Rick Ledgett recently voiced their concerns that the NSA should be focusing on defense more than it has in the past.

Roughly 90 percent of the U.S. government cybersecurity spending is used to fuel offensive operations, Ledgett told Reuters.

I absolutely think we should be placing significantly more effort on the defense, particularly in light of where we are with exponential growth in threats and capabilities and intentions, Plunkett, who oversaw the NSAs defensive mission from 2010 to 2014, recently told Reuters.

Defense under NSA21

The trios comments come amid an expansive reorganization effort by the NSA, instituted by agency Director Michael Rogers, that works to combine what was once called the Information Assurance Directorate and Signals Intelligence Directorate into a single, joint entity.

Although Rogers plan, known as NSA21, is intended to streamline operations, it has also spurred new concerns that the spy agencys defensive mission will receive even less resources in the future.

When the NSA goes through a change a lot of that discussion goes on because theres a big difference between offense and defense as far as the budget and so that was one of the big concerns that some folks vocalized, said Pitelli, I see a need, a bigger need for cybersecurity not just at NSA but for everybody.

The dual impact of NSA21s rollout and Dukes recent retirement has caused some confusion in government.

I know Curt voiced concerns that as we make this move [towards NSA21] there can be this perception that Oh well who do I call? And if they dont know who to call the question is, Well where did it go? Curt was really one of the great, visible icons of Information Assurance and he retired and so there is that time right now where we are waiting to find out whose going to be given the mantle next, Pitelli said.

Pitelli declined to specifically discuss the NSAs budget but said he would like to see Congress broadly allocate greater resources for cybersecurity writ large, across the entire government.

I will go so far as to say I would hope that the government not just at NSA, but the government really tries to allocate additional funds for the cybersecurity information assurance mission, Pitelli said. Alot of times people have lumped in their information assurance budgets with their IT budgets and the challenge I think youre seeing now is that we havent kept up with the budgets of cybersecurity.

More:
NSA cyber-defense chief: 'I have never been more busy' - FedScoop