DHS Cybersecurity Plan Will Involve NSA, Telecoms

Proponents of involving the government said such efforts should harness the NSA's resources, especially its database of computer codes, or signatures, that have been linked to cyberattacks or known adversaries. The NSA has compiled the cache by, for example, electronically observing hackers trying to gain access to U.S. military systems, the officials said.

"That's the secret sauce," one official said. "It's the stuff they have that the private sector doesn't."

But it is also the prospect of NSA involvement in cybersecurity that fuels concerns about unwarranted government snooping into private communication.

"The bitter battles over privacy and NSA's role in domestic wiretapping hang over cybersecurity like a toxic cloud," said Stewart A. Baker, who was assistant secretary of homeland security under Bush.

AT&T was sued over its role in aiding the Bush-era counterterrorism program to intercept Americans' e-mails and phone calls without a warrant. It is seeking legal assurance that it will not be sued for participating in the pilot program. That legal certification has been held up for several months as DHS prepares a contract, several current and former officials said.

Einstein's promise, they said, is that it can more effectively detect malicious activity and disable intrusions before harm is done to civilian government networks.

"Intrusion detection is like a cop with a radar gun on a highway who catches you speeding or drunk and phones ahead to somebody at the other end," Michael Chertoff, former homeland security secretary, said in a recent interview. "Einstein 3 is a cop who actually arrests you and pulls you off the road when he sees you driving drunk."

The pilot program has two goals. The first is to prove that the telecommunications firm can route only traffic destined for federal civilian agencies through the monitoring system. The second is to test whether the technology can work effectively on civilian government networks. The sensor box would scan e-mail messages and other content just before they enter the civilian agency networks.

The classified NSA system, known as Tutelage, has the ability to decide how to handle malicious intrusions -- to block them or watch them closely to better assess the threat, sources said. It is currently used to defend military networks.

The database for the program would also contain feeds from commercial firms and DHS's U.S. Computer Emergency Readiness Team, administration officials said.

"We're looking for malicious content, not a love note to someone with a dot-gov e-mail address," a senior Bush administration official said. "What we're interested in is finding the code, the thing that will do the network harm, not reading the e-mail itself."

Ari Schwartz, a vice president of the Center for Democracy and Technology, was among a group of privacy advocates given a classified briefing in March on the Einstein program. The advocates wanted to ensure that officials had a plan to protect privacy and civil liberties, including shielding such personally identifying data as Internet protocol addresses.