New worries emerge about Internet monitoring

Prospect of private-sector participation in the government's new Einstein 3 Internet monitoring system is raising concerns

Now that testing of the government’s latest Einstein 3 Internet monitoring and cyber defense system is under way, high-ranking officials have spoken again about trying to get selected companies to join agencies in using the controversial technology. But the prospect of private-sector participation in the government program, even if voluntary, has raised questions about privacy and the technology's supposed superiority over tools that companies might already be using.

Companies that operate critical infrastructure, such as power, transportation and financial networks, are the ones government officials want to get on board first, said Deputy Defense Secretary William Lynn. The Defense Department has created a task force comprised of industry and government information technology and defense interests to examine issues about sharing the Einstein technology, reported Amber Corrin in Defense Systems, a sister publication of Federal Computer Week.

The plan to include critical infrastructure operators in government cyber defense programs is a goal of National Security Presidential Directive 54, signed by President George W. Bush in 2008. Much of the directive remains secret, but the White House released a declassified summary in March, including more detail about how Einstein 3 will work and the desired role of the private sector.

The latest version of the technology, named Einstein 2, monitors Internet and e-mail message traffic into federal agencies for signatures of known malicious activity and is in place in at least 11 of the 21 agencies that run their own networks, with more to follow. The system alerts security analysts when it detects threats, but doesn’t try to stop attacks.

Einstein 3 goes further in two ways: It can analyze traffic and messages more deeply, such as reading the contents of e-mail and other messages, and it can take measures to deflect attacks in real time, reported Siobhan Gorman in the Wall Street Journal last summer.

According to the summary of the security directive, Einstein 3 will also allow the Homeland Security Department, which runs the Einstein program, to share monitored information with the National Security Agency, though that data is not supposed to include message content. The recent combination of those three elements — reading e-mail messages, asking companies to participate in the monitoring program, and getting the NSA in the loop — has set off alarm bells about future uses of Einstein 3.

“If [Einstein 3] can perform deep packet inspection to prevent botnets from accessing certain Web pages, for instance, could it also be used to prevent a human from accessing illegal pornography, copyright-infringing music, or offshore gambling sites?” writes Declan McCullagh for Cnet.

Those particular examples make the right technical point, but they won’t stir much outrage from law-abiding citizens. However, a comment about this story from a reader identified as osamas_pjs asks how long before Einstein “is assigned to do keyword analysis and either prevent or track messages using language which the authorities wish to censor.”

Other questions surround the willingness of companies to participate in the program. Competitive concerns may make some firms reluctant to share information about breaches that might put them at a commercial disadvantage. And from a technical standpoint, some observers point out that the use of Einstein 3-style intrusion prevention tools is already mature in private industry, so it's not clear what new benefits the government technology will offer.


About the Author

John Zyskowski is a senior editor of Federal Computer Week. Follow him on Twitter: @ZyskowskiWriter.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected