US 'tremendously damaged' by Snowden disclosures

As the first anniversary of the Snowden revelations approaches, cyber intrusions and breaches are having far-reaching effects, whether they originate with nation states, organized crime or insiders, a former national security advisor said Tuesday.

The Snowden affair itself has had a major impact on U.S. interests and has significantly shaped the cyber security landscape, Tom Donilon, former top security adviser to the Obama administration, said in a keynote talk at the FOSE IT expo and conference in Washington. D.C.

“I think [the Snowden revelations] have been tremendously damaging to the security of United States in a number of ways,” Donilon said. “One, it’s obviously caused bilateral political issues between the United States and a number of its partners and allies, including Germany, Brazil, and others -- And that’s been an important cost.”

Snowden has revealed attempts to tap into the German chancellor’s phone as well as the collection and sharing of metadata from German citizens. Snowden was recently blocked from testifying in front of a German parliamentary inquiry into NSA surveillance.

Donilon expressed optimism in repairing bilateral ties. “I think we’ll work that through because we have strong relationships with those countries and we have mutually beneficial relationships in other areas,” he said during the talk which took the form of an interview with Washington Technology Editor Nick Wakeman. FOSE is produced by 1105 Media, parent company of Defense Systems.  

The effects of the leaks have also extended into the private sector.

Foreign countries may be less willing to work with American technology companies as a result of the leaks. Several nations have indicated that they may not engage U.S. firms, Donilon said, arguing that they have to be careful in using American technology. Additionally, the relationship between private-sector companies and government agencies may have been damaged.

Despite these problems, Donilon highlighted that the revelations also revealed the use of stringent oversight processes and tight management of programs.

“The revelations have indicated that the programs were very aggressively overseen both within the executive branch, by the Congress and by the courts” said Donilon.“These were not unauthorized programs... these were overseen tightly and managed tightly.”

Insider threats such as the disclosures made by Snowden represent a part of the overall cyber threat landscape, which has seen threats becoming more sophisticated and pervasive. Both threats and responsibilities have increased in the private and public sectors, requiring users to more adequately protect their networks.

These threats include espionage, threats against critical infrastructure, criminal financial fraud, cyber-enabled economic theft and individual threats such as unauthorized disclosures.

Some progress has been made in promoting joint public/private responsibility for threats, especially in protecting critical infrastructure, but more progress is needed, Donilon said. In the future, best practices will have to be used more evenly across the landscape, and information sharing between public and private sectors will have to be more effective.

Overall, threats will continue to grow as the technology spreads and capabilities no longer stay isolated to a specific source. Multidimensional approaches will be required as threat sources increase and more sophisticated methods are developed. 

“In terms of change, you have to assume that the sophistication of the intruder, attacker or thief will go up and that will require not static but dynamic changes in respect to defenses on the United States side -- in the government and outside of the government,” Donilon said.