But the White House and other agencies, including the departments of Justice and Commerce, said the proposal left open the possibility that large Internet carriers themselves could be designated critical entities. This, they said, might have allowed scanning for cyberthreats of virtually all Internet traffic on behalf of the government, opening a more-expansive window into American behavior online.
Officials also worried about the the effectiveness of the approach and the costs to participating industries. Senior officials at numerous government agencies reviewed the NSA proposal. At a White House meeting in August, Tranche 2 was killed, said officials with knowledge of the debate.
As more high-profile hacking attacks have disrupted web sites across the globe, security experts say the value of data has changed and corporations are forced to view their security in a different light.(Feb. 27)
“At the end of the day, it was shut down because it looked way too much like a government monitoring program,” a second administration official said.
More recently, in January, NSA officials expressed concern when the White House blocked draft legislation being prepared by a Senate Intelligence Committee staffer that would enable any government agency to monitor private computer networks for cyberthreats and to take measures to counter those threats, according to administration officials and documents. These sources include draft versions of legislation and internal communications discussing them.
A revised version of the bill, which is part of the cyber-legislation introduced in Congress this month, would allow only private-sector entities to monitor networks and to operate the countermeasures.
The issue, said James A. Lewis, a cyber-policy expert at the Center for Strategic and International Studies, is one of trust. He said that he trusts the NSA to handle the data responsibly but that “the oversight we have in place isn’t enough to reassure everyone the data are not being used for other purposes.”
White House resistance to giving the NSA a greater role in protecting Internet traffic worries some other cyberexperts, who say that private industry should be required to turn over evidence of cyberthreats to the government.
“We’re desperately late in doing this,” said Alan Paller, research director at the SANS Institute, a Bethesda-based cyber-training organization. “Our future economic well-being and future national security are at stake if we don’t mandate it.”