New worries emerge about Internet monitoring

Prospect of private-sector participation in the government's new Einstein 3 Internet monitoring system is raising concerns

Now that testing of the government’s latest Einstein 3 Internet monitoring and cyber defense system is under way, high-ranking officials have spoken again about trying to get selected companies to join agencies in using the controversial technology. But the prospect of private-sector participation in the government program, even if voluntary, has raised questions about privacy and the technology's supposed superiority over tools that companies might already be using.

Companies that operate critical infrastructure, such as power, transportation and financial networks, are the ones government officials want to get on board first, said Deputy Defense Secretary William Lynn. The Defense Department has created a task force comprised of industry and government information technology and defense interests to examine issues about sharing the Einstein technology, reported Amber Corrin in Defense Systems, a sister publication of Federal Computer Week.

The plan to include critical infrastructure operators in government cyber defense programs is a goal of National Security Presidential Directive 54, signed by President George W. Bush in 2008. Much of the directive remains secret, but the White House released a declassified summary in March, including more detail about how Einstein 3 will work and the desired role of the private sector.

The latest version of the technology, named Einstein 2, monitors Internet and e-mail message traffic into federal agencies for signatures of known malicious activity and is in place in at least 11 of the 21 agencies that run their own networks, with more to follow. The system alerts security analysts when it detects threats, but doesn’t try to stop attacks.

Einstein 3 goes further in two ways: It can analyze traffic and messages more deeply, such as reading the contents of e-mail and other messages, and it can take measures to deflect attacks in real time, reported Siobhan Gorman in the Wall Street Journal last summer.

According to the summary of the security directive, Einstein 3 will also allow the Homeland Security Department, which runs the Einstein program, to share monitored information with the National Security Agency, though that data is not supposed to include message content. The recent combination of those three elements — reading e-mail messages, asking companies to participate in the monitoring program, and getting the NSA in the loop — has set off alarm bells about future uses of Einstein 3.

“If [Einstein 3] can perform deep packet inspection to prevent botnets from accessing certain Web pages, for instance, could it also be used to prevent a human from accessing illegal pornography, copyright-infringing music, or offshore gambling sites?” writes Declan McCullagh for Cnet.

Those particular examples make the right technical point, but they won’t stir much outrage from law-abiding citizens. However, a comment about this story from a reader identified as osamas_pjs asks how long before Einstein “is assigned to do keyword analysis and either prevent or track messages using language which the authorities wish to censor.”

Other questions surround the willingness of companies to participate in the program. Competitive concerns may make some firms reluctant to share information about breaches that might put them at a commercial disadvantage. And from a technical standpoint, some observers point out that the use of Einstein 3-style intrusion prevention tools is already mature in private industry, so it's not clear what new benefits the government technology will offer.


About the Author

John Zyskowski is a senior editor of Federal Computer Week. Follow him on Twitter: @ZyskowskiWriter.


  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.