Friday, June 17, 2011

Big Brother Bedfellows

Washington Post:


NSA allies with Internet carriers to thwart cyber attacks against defense firms
By Ellen Nakashima, Updated: Thursday, June 16, 7:37 PM

The National Security Agency is working with Internet providers to deploy a new generation of tools to scan e-mail and other digital traffic with the goal of thwarting cyberattacks against defense firms by foreign adversaries, senior defense and industry officials say.

The novel program, which began last month on a voluntary, trial basis, relies on sophisticated NSA data sets to identify malicious programs slipped into the vast stream of Internet data flowing to the nation’s largest defense firms. Such attacks, including one last month against Bethesda-based Lockheed Martin, are nearly constant as rival nations and terrorist groups seek access to U.S. military secrets.

“We hope the . . . cyber pilot can be the beginning of something bigger,” Deputy Defense Secretary William J. Lynn III said at a global security conference in Paris on Thursday. “It could serve as a model that can be transported to other critical infrastructure sectors, under the leadership of the Department of Homeland Security.”

The prospect of a role for the NSA, the nation’s largest spy agency and a part of the Defense Department, in helping Internet providers filter domestic Internet traffic already had raised concerns among privacy activists. Lynn’s suggestion that the program might be extended beyond the work of defense contractors threatened to raise the stakes further.

James X. Dempsey, vice president for public policy at the Center for Democracy & Technology, a civil liberties group, said that the pilot is “an elegant solution” to the long-standing problem of how to use NSA’s expertise while avoiding domestic surveillance by the government. But, he said, any extension of the program must guarantee protections against government access to private Internet traffic.

“We wouldn’t want this to become a backdoor form of surveillance,” Dempsey said.

Officials say the program does not involve direct monitoring of the contractors’ networks by the government. The pilot program uses NSA-developed “signatures,” or fingerprints of malicious code, and sequences of suspicious network behavior to filter the Internet traffic flowing to major defense contractors. That allows the Internet providers to disable the threats before an attack can penetrate a contractor’s servers. The trial is testing two particular sets of signatures and behavior patterns that the NSA has detected as threats.

The Internet providers are AT&T, Verizon and CenturyLink. Together they are seeking to filter the traffic of 15 defense contractors, including Lockheed, Falls Church-based CSC, McLean-based SAIC and Northrop Grumman, which is moving its headquarters to Falls Church. The contractors have the option, but not the obligation, to report the success rate to the NSA’s Threat Operations Center.

All three of the Internet carriers declined to comment on the pilot program. Several of the defense contractors declined to comment as well.

Partnering with the major Internet providers “is probably the technically quickest way to go and the best way to go” to defend dot.com networks, said Gen. Keith B. Alexander, who heads the NSA and the affiliated U.S. Cyber Command at Fort Meade, testifying before Congress in March.

The premise of this strategy is that combining the providers’ ability to filter massive volumes of traffic — a large provider can monitor up to 100 gigabits per second — with the NSA’s expertise will provide a greater level of protection without violating privacy laws.

But the initiative stalled for months because of numerous concerns, including the Justice Department’s worries that the program would run afoul of privacy laws forbidding government surveillance of private Internet traffic. Officials have, at least for now, allayed that concern by saying that the government will not directly filter the traffic or receive the malicious code captured by the Internet providers. The Department of Homeland Security is a partner in the pilot.

“The U.S. government will not be monitoring, intercepting or storing any private-sector communications,” Lynn said. “Rather, threat intelligence provided by the government is helping the companies themselves, or the Internet service providers working on their behalf, to identify and stop malicious activity within their networks.”

But civil liberties advocates are worried that a provision in the White House’s recent legislative proposal on cybersecurity could open the way to government surveillance through public-private partnerships such as this one. They are concerned that the proposal would authorize companies to share vast amounts of communications data with the federal government.

“The government needs to make up its mind about whether it wants to protect networks or collect intelligence,” Dempsey said.

Although this NSA technology is more sophisticated than traditional antivirus programs, it still can screen only for known threats. Developing detection and mitigation strategies for emerging new threats is more difficult.

The program also does not protect against insider threats or employees who deliberately leak material. Nor will it protect a network against penetration by hackers who have compromised security software, enabling them to log in as if they were legitimate users. That is what happened recently when security firm RSA’s SecurID tokens were compromised, enabling hackers to penetrate Lockheed Martin’s computers. Lockheed said no customer, program or employee personal data were compromised.

The pilot program has been at least a year in the making. Providers and companies were concerned that they would be vulnerable to lawsuits or other sanctions if they allowed the government to filter the traffic or shared network data with the government. The NSA, meanwhile, was concerned about the classified data getting into the hands of adversaries.

The Internet providers are not being paid to prepare their systems for the pilot, an effort that industry officials said costs millions of dollars. The providers will work with the companies they already serve. In some cases, they already provide a similar service of filtering for malicious traffic using their own threat data.

Lynn’s speech also appeared to outline key elements of the Pentagon’s cyber strategy, an unclassified version of which is due out soon. The strategy, said experts and analysts who have been briefed on it, focuses on building defenses and a framework for deterrence. It also makes clear the military’s prerogative to use cyber and other traditional military means if the United States is attacked or engaged in hostilities with an adversary.

“First we must raise the level of protection in government and military networks,” Lynn said Thursday. “We must ready our defense institution to confront cyber threats, because it is clear any future conflict will have a cyber dimension.”

7 comments:

Damien said...

Midnight Rider,

Regardless of any constitutional issues, I can't really blame them. In an age where our enemies can attack us with computers, our government needs to be able to defend our vital secrets. Not to mention that a well planned cyber attack could cripple the US economy.

midnight rider said...

If it's only used on defense firms etc and it's voluntary I'd be okay with it.

But that's a really big if. . .

Damien said...

Midnight Rider,

I understand, and I'm worried about our liberties as well when it comes to stuff like this. But to truly understand it, you do have to look at the issue from both sides. It's not like the state is entirely unjustified in its desire to do this, unlike some things it does.

midnight rider said...

You have far more faith in our gov't to show prudence and restraint than I do my friend.

Our current administration has already shown it has no regard, or just maybe no concept, of Constitutional protections.

Remember these are the same dudes who wanted to label any gun owning bitter Bible clinger a possible domestic terrorist.

Additionally, even if they do manage to control themselves (stop snickering) the emails they read may be from private individuals to these companies who have no idea they're being read.

I realize the NSA is tasked with domestic surveillance. And I have no doubt that, if they don't already know my real identity and that of everyone on this blog, it would take them mere minutes to find it out.

And they're probably laughing like hell and talking around the water cooler when they listen to Pastorius and I on the phone talking about how our wives and kids drive us nutz.

Doesn't mean I have to like it, agree with it or keep quiet about it.

Just because I'm paranoid (it took me years to perfect it) doesn't mean they aren't out to get me :)

Damien said...

Midnight Rider,

Believe me, I don't have blind faith in the government, but in this case I can't entirely support it, or oppose it. I am worried about what the government may do, but I'm also worried about what our enemies might do, if they are not stopped. I know how you feel, but this is not an easy issue for me.

midnight rider said...

Walking the line between liberty and security is never an easy issue.

It's easier if you have a good strong drink first.

So join me.

Go ahead, pour yourself a big highball of Wild Turkey or Old Granddad. HEY! No ice! Take it neat! Go ahead, I'll wait.

Take your time.

No hurry.

S'okay.

Ahem.

Hey, what are you doing, distilling it yourself?

If you got WhiteLightning there and aren't sharing I'm going to be mightily annoyed.

C'mon brother, I ain't got all night.

Dude. . .

Ah! There you are.

Hey Pasto! Epa! Christian Soldier! AoW! WC et al. ya wanna get down on this too?

Ok then, a toast.

Ready?

To all Infidela Counter Jihadis Freedom lovers US service personnel and ESPECIALLY anyone out there on the wall trying to truly keep the barbarous hordes from the gate and the wolf from the door.
Na zdrowie!

There now, don't you feel better?

midnight rider said...

HEY! D! Dude! Where'd ya go?

Wait a minute. . .

You DO have a little brown jug of mountain dew over there, don't you?

C'mon, I know the signs.

Say, you don't belong to a certain gun club and go by the name of Hobo there, do you?