The Department of Homeland Security’s top cybersecurity official told CNET on Wednesday that the department may eventually extend its Einstein technology, which is designed to detect and prevent electronic attacks, to networks operated by the private sector. The technology was created for federal networks.
Greg Schaffer, assistant secretary for cybersecurity and communications, said in an interview that the department is evaluating whether Einstein “makes sense for expansion to critical infrastructure spaces” over time.
Not much is known about how Einstein works, and the House Intelligence Committee once charged that descriptions were overly “vague” because of “excessive classification.” The White House did confirm this week that the latest version, called Einstein 3, involves attempting to thwart in-progress cyberattacks by sharing information with the National Security Agency.
Greater federal involvement in privately operated networks may spark privacy or surveillance concerns, not least because of the NSA’s central involvement in the Bush administration’s warrantless wiretapping scandal. Earlier reports have said that Einstein 3 has the ability to read the content of emails and other messages, and that AT&T has been asked to test the system. (The Obama administration says the “contents” of communications are not shared with the NSA.)
“I don’t think you have to be Big Brother in order to provide a level of protection either for federal government systems or otherwise,” Schaffer said. “As a practical matter, you’re looking at data that’s relevant to malicious activity, and that’s the data that you’re focused on. It’s not necessary to go into a space where someone will say you’re acting like Big Brother. It can be done without crossing over into a space that’s problematic from a privacy perspective.”
If Einstein 3 does perform as well as Homeland Security hopes, it could help less-prepared companies fend off cyberattacks, including worms sent through e-mail, phishing attempts, and even denial of service attacks.
On the other hand, civil libertarians are sure to raise questions about privacy, access, and how Einstein could be used in the future. If it can perform deep packet inspection to prevent botnets from accessing certain Web pages, for instance, could it also be used to prevent a human from accessing illegal pornography, copyright-infringing music, or offshore gambling sites?
“It’s one thing for the government to monitor its own systems for malicious code and intrusions,” said Greg Nojeim, senior counsel at the Center for Democracy and Technology. “It’s quite another for the government to monitor private networks for those intrusions. We’d be concerned about any notion that a governmental monitoring system like Einstein would be extended to private networks.”
Under the current program, Einstein will be tied directly into giant NSA databases that contain the trace signatures left behind by cyberattacks; these immense electronic warehouses will be fed by information streamed to the agency by the nation’s telecommunications providers.
AT&T, in partnership with the Department of Homeland Security (DHS) and the NSA, will spearhead the aggressive new initiative to detect malicious attacks launched against government web sites–by continuing to monitor the electronic communications of Americans.
This contradicts President Obama’s pledge announcing his administration’s cybersecurity program on May 29, 2009. During White House remarks Obama said that the government will not continue Bush-era surveillance practices or include “monitoring private sector networks or Internet traffic.”
The Wall Street Journal reports that Einstein, called the “flagship system” in the national security state’s cyber defense arsenal, is “designed to protect the U.S. government’s computer networks from cyberspies.” In addition to cost overruns and mismanagement by outsourced contractors, the system “is being stymied by technical limitations and privacy concerns.” According to the Journal, Einstein is being developed in three stages:
Einstein 1: Monitors Internet traffic flowing in and out of federal civilian networks. Detects abnormalities that might be cyber attacks. Is unable to block attacks.
Einstein 2: In addition to looking for abnormalities, detects viruses and other indicators of attacks based on signatures of known incidents, and alerts analysts immediately. Also can’t block attacks.
Einstein 3: Under development. Based on technology developed for a National Security Agency program called Tutelage, it detects and deflects security breaches. Its filtering technology can read the content of email and other communications. (Siobhan Gorman, “Troubles Plague Cyberspy Defense,” The Wall Street Journal, July 3, 2009)
Using a device known as a splitter, a complete copy of Internet traffic that AT&T receives–email, web browsing requests and other electronic communications sent by AT&T customers–was diverted onto a separate fiber-optic cable connected to the company’s SG-3 room, controlled by the agency. Only personnel with NSA clearances–either working for, or on behalf of the agency–have access to this room.