The National Security Agency considers itself the world’s most formidable cyber power, with an army of computer warriors who constantly scan the wired world. Yet by law, the NSA only collects intelligence abroad, and not inside the U.S.
U.S. rivals like Russia are aware of this blind spot and know how to exploit it, as the NSA director, Army Gen. Paul Nakasone, explained recently to the Senate Armed Services Committee.
In a major breach last year, hackers widely believed to be from Russia’s foreign intelligence service, the SVR, placed malware on a software update produced by the Texas company Solar Winds.
No one had reason to be suspicious, or the legal authority to monitor, as that software update was sent out electronically from SolarWinds to 18,000 organizations, including nine U.S. government agencies.
Source: After A Major Hack, U.S. Looks To Fix A Cyber ‘Blind Spot’ : NPR