The NSA wants to help stop the next cyber attack on Wall Street, Facebook, or Twitter, and the agency's director thinks information sharing between the feds and private companies is a good place to start.

"Right now, the ability to share real-time information is complicated and there are legal barriers. We have to overcome that," Gen Keith B. Alexander, director of the National Security Agency and commander of U.S. Cyber Command, said during a Thursday appearance at Georgia Tech's Cyber Security Symposium.

While people might be under the impression that the NSA sees and knows all, the agency really only sees "a small fraction of what's going on" when it comes to cyber attacks, Alexander said.

"If Wall Street is attacked [by hackers], the chances of me seeing it [are] limited," Alexander said. But the banks and Internet service providers handling the attacks are on the front lines, and being able to inform government cyber officials about what's going on could help lessen the impact or thwart future attacks.

"If we're going to stop that missile coming in, somebody's got to be our radar," Alexander said.

Those companies that do share cyber-threat information with the feds in good faith need "a liability protection so that [they] are not just sued frivolously" for privacy violations.

Alexander said he is not pushing for blanket immunity. "What I'm talking about is a deliberate process to ensure that those who need liability protection ... get it."

To get this accomplished, however, Congress needs to step in, Alexander said. The House is actually already considering a bill that sounds a lot like what Alexander is proposing - the controversial Cyber Intelligence Sharing and Protection Act (CISPA). Alexander didn't mention CISPA in his presentation, though he did refer to President's Obama January executive order as a "great step in taking this on."

"It allows the government to start working with industry and ... discuss with each of these sector about the best approach," he said.

Obama's plan, however, would only allow for the federal government to share cyber-attack data with private companies, not the other way around.

CISPA would allow for two-way information sharing, and provide immunity to companies that shared information with the feds. As a result, privacy advocates are against CISPA because they think it will allow for companies like Google or Facebook to easily share customer data without any repercussions.

Alexander thinks information sharing can be accomplished without revealing personally identifiable information about a company's users. "We don't need to read communications, we just need the ISPs and companies ... to say, 'I see this coming.'"

Sharing information about cyber attacks while stripping out personally identifiable information is "stuff that's easy for us to do," Alexander said. But the NSA can't act alone, so Congress needs to make it a reality.

The House Intelligence Committee will reportedly take up CISPA during the week of April 8.

Further Reading

Security Reviews