DHS Cybersecurity Plan Will Involve NSA, Telecoms
Friday, July 3, 2009
The Obama administration will proceed with a Bush-era plan to use National Security Agency assistance in screening government computer traffic on private-sector networks, with AT&T as the likely test site, according to three current and former government officials.
President Obama said in May that government efforts to protect computer systems from attack would not involve "monitoring private-sector networks or Internet traffic," and Department of Homeland Security officials say the new program will scrutinize only data going to or from government systems.
But the program has provoked debate within DHS, the officials said, because of uncertainty about whether private data can be shielded from unauthorized scrutiny, how much of a role NSA should play and whether the agency's involvement in warrantless wiretapping during George W. Bush's presidency would draw controversy. Each time a private citizen visited a "dot-gov" Web site or sent an e-mail to a civilian government employee, that action would be screened for potential harm to the network.
"We absolutely intend to use the technical resources, the substantial ones, that NSA has. But . . . they will be guided, led and in a sense directed by the people we have at the Department of Homeland Security," the department's secretary, Janet Napolitano, told reporters in a discussion about cybersecurity efforts.
Under a classified pilot program approved during the Bush administration, NSA data and hardware would be used to protect the networks of some civilian government agencies. Part of an initiative known as Einstein 3, the plan called for telecommunications companies to route the Internet traffic of civilian agencies through a monitoring box that would search for and block computer codes designed to penetrate or otherwise compromise networks.
AT&T, the world's largest telecommunications firm, was the Bush administration's choice to participate in the test, which has been delayed for months as the Obama administration determines what elements to preserve, former government officials said. The pilot program was to have begun in February.
"To be clear, Einstein 3 development is proceeding," DHS spokeswoman Amy Kudwa said. "We are moving forward in a way that protects privacy and civil liberties."
AT&T officials declined to comment.
A DHS official said the delay occurred because the original timeline "did not take into account all that was required to ensure the exercise would provide the data needed."
The program is the most controversial element of the $17 billion cybersecurity initiative the Bush administration started in January 2008. Einstein 3 is crucial, advocates say, in an era in which hackers have compromised computer systems at the Commerce and State departments and have taken military jet data from a defense contractor.
The NSA declined to comment on Einstein 3, but a spokeswoman said the agency would help DHS in "any way possible, including technical support," as it seeks to protect government networks.
The internal controversy reflects the central tension in the debate over how best to defend the nation's mostly private system of computer networks. The techniques that work best, experts say, require the automated scrutiny of e-mail and other electronic communications content -- something that commercial providers already do.