POLITICO’s Joe Baron: The NSA’s $1 billion spy program is an example of a model that’s “more effective than many think” and should be the focus of new cybersecurity legislation.
The NSA’s Advanced Targeting System, or ATS, was designed to detect threats and prevent attacks on critical infrastructure.
Its main goal was to track a target’s location, and then track the communications of people, such as their location, emails and browsing history, in order to identify threats.
It was designed with the idea that “people will be less trusting when they are not directly tied to their target,” as Bloomberg wrote, citing sources familiar with the program.
“The ATS was designed for law enforcement and national security professionals to collect and analyze information to detect, mitigate and prevent a variety of cyber threats and threats that could affect public safety and national defense,” the NSA said in a statement to Politico.
“These types of threats include, but are not limited to, cyberattacks on critical industrial, financial, commercial, government, and military facilities, cyber attacks against financial institutions, and cyber attacks on government and corporate networks.”
A spokesperson for the NSA did not respond to a request for comment.
A spokesperson from the Office of the Director of National Intelligence also declined to comment.
The Ats was designed in the early 1990s to track the location and communication of individual people, but as the NSA grew its budget and its capabilities, it moved away from tracking specific individuals.
The NSA has said that ATS data collected over time is used to help determine “the targets and targets’ vulnerabilities, to build a more accurate picture of threats to critical infrastructure, and to develop better and more resilient software solutions,” according to the agency.
In addition to the surveillance of specific targets, the ATS is designed to monitor network activity and data flow in real-time, according to The Wall Street Journal.
The program has been called the NSA equivalent of the NSA Stuxnet virus, and was the subject of a recent Wired magazine article about how the agency uses its data to develop “weapons” and “antivirus tools.”
A government spokesperson told Politico that the Ats “does not track the identity of people who communicate with a targeted target,” and that the agency’s use of the Aets “is limited to a very narrow subset of cases where a targeted person has committed a crime.”
“The program is based on a technology that is designed for surveillance, and the ATs are used to analyze the contents of communications between targets and to create a more complete picture of the targets and vulnerabilities in their network,” the spokesperson added.
“ATSs are also used to identify and assess network vulnerabilities, such that networks can be secured to prevent future attacks.”