Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Network Security

NSA Surveillance Programs Directly Damage Internet Security: Report

“The NSA has both weakened overall trust in the network and directly harmed the security of the Internet.”

“The NSA has both weakened overall trust in the network and directly harmed the security of the Internet.”

A report published by the New America Foundation’s Open Technology Institute on Tuesday details the impact of NSA surveillance activities on the United Sates economy, foreign policy and Internet security.

There have been numerous discussions on the intelligence agency’s controversial spying programs over the past year, ever since former NSA contractor Edward Snowden started leaking classified information obtained from the organization’s systems. However, the Open Technology Institute argues that most discussions have revolved around the impact of surveillance programs on privacy and civil liberties, and not so much on how they affect the interests of the United States and the global Internet community.

The 64-page paper focuses on the costs to cybersecurity, the direct economic costs to U.S businesses, the economic and technological costs of data localization and data protection proposals, and political costs to American foreign policy.

Internet Security Weakened by NSAInternet security has been greatly impacted by NSA spying because in addition to monitoring online communications, the agency has been involved in various activities that, according to the authors of the report, “fundamentally threaten the basic security of the Internet.”

For example, the report points to the NSA’s attempts to intentionally weaken critical cryptographic standards. One of these algorithms was until recently included in cryptographic libraries used by default by RSA and other companies.

The agency is also said to be spending hundreds of millions of dollars on getting companies to intentionally create backdoors in their products, including communication devices, commercial encryption systems and IT networks. In addition to getting companies to insert security holes into their products, the NSA keeps information about zero-day vulnerabilities to itself, instead of notifying the companies whose solutions are affected. This leaves organizations and regular users exposed to attacks from the NSA, and also from other entities that might have knowledge of the flaws, the report said.

The Open Technology Institute believes costs to cybersecurity also stem from the activities of the NSA’s Tailored Access Operations (TAO) unit, whose employees rely on an aggressive set of tools to hack into computers, phones, routers and even SCADA systems. One of the tactics used by this unit involves targeting networks and network providers, including the undersea cables that carry Internet traffic between continents. The TAO unit is also said to have impersonated several major US companies, including Facebook and LinkedIn, in an effort to insert malware and steal sensitive information.

Advertisement. Scroll to continue reading.

When it comes to economic impact, NSA surveillance has led to a decline in overseas sales and the loss of business opportunities for American companies. One of the most impacted sectors is cloud computing, which could lose billions of dollars over the next 3-5 years, the report said.

In addition to direct costs, there are also potential costs to businesses and the openness of the Web due to foreign governments’ new proposals for data localization and data protection laws. As an example, the paper points to Brazil, Germany and India, where data localization laws designed to prevent or limit information flows in an effort to protect against NSA spying are being considered.

“Data localization proposals also threaten the functioning of the Internet, which was built on protocols that send packets over the fastest and most efficient route possible, regardless of physical location. Finally, the localization of Internet traffic may have significant ancillary impacts on privacy and human rights by making it easier for countries to engage in national surveillance, censorship, and persecution of online dissidents,” said the authors of the report.

As far as costs to foreign policy are concerned, the country’s relations with other nations have already been negatively impacted due to recent revelations. The United States’ interests are threatened by the damage to bilateral and multilateral relations, and by the loss of credibility for the Internet freedom agenda, according to the report.

The complete report, “Surveillance Costs: The NSA’s Impact on the Economy, Internet Freedom & Cybersecurity,” is available online.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.