Thursday, June 16, 2011

Major Internet service providers cooperating with NSA on monitoring traffic

By Ellen Nakashima, Updated: Thursday, June 16, 3:31 PM
The Washington Post

Three of the nation’s largest Internet service providers are cooperating with a new National Security Agency program to sift through the traffic of major defense contractors with the goal of blocking cyberattacks by foreign adversaries, senior defense and industry officials say.

The novel program, which began last month on a voluntary, trial basis, relies on sophisticated NSA data sets to identify malicious programs slipped into the vast stream of Internet data flowing to the nation’s largest defense firms. Such attacks, including one last month against Bethesda-based Lockheed Martin, are nearly constant as rival nations and terrorist groups seek access to U.S. military secrets.

“We hope the . . . cyberpilot can be the beginning of something bigger,” Deputy Defense Secretary William J. Lynn III said at a global security conference in Paris on Thursday. “It could serve as a model that can be transported to other critical infrastructure sectors, under the leadership of the Department of Homeland Security.”

The prospect of an NSA role in the monitoring of Internet traffic already had raised concerns among privacy activists, and Lynn’s suggestion that the program might be extended beyond the work of defense contractors threatened to raise the stakes further.

James X. Dempsey, the Center for Democracy & Technology’s vice president for public policy, said that any version of the program must have protections against government access to private Internet traffic.

“We wouldn’t want this to become a backdoor form of surveillance,” Dempsey said.

The pilot program works by using NSA-developed “signatures,” or fingerprints of malicious code, as well as sequences of anomalous network behavior, to filter the Internet traffic flowing to major defense contractors. That allows the Internet providers to disable the threats before an attack can penetrate a contractor’s servers.

The Internet providers participating in the pilot are AT&T, Verizon and CenturyLink. Together they are seeking to filter the traffic of 15 defense contractors.

Partnering with the major Internet carriers “is probably the technically quickest way to go and the best way to go” to defend dot-com networks, said Gen. Keith Alexander, who heads the NSA and the affiliated U.S. Cyber Command at Fort Meade, testifying to Congress in March.

The premise behind this strategy is that combining the carriers’ ability to filter massive volumes of traffic — a large carrier can monitor up to 100 gigabits of traffic per second — with the NSA’s expertise will provide a greater level of protection without violating privacy laws.

But the initiative was stalled for months by numerous concerns, including Justice Department worries that it would run afoul of privacy laws that forbid government surveillance of private Internet traffic. Officials have, at least for now, allayed that concern by saying that the government will not directly filter the traffic or receive the malicious code captured by the providers. The Department of Homeland Security is a partner in the pilot.

“The U.S. government will not be monitoring, intercepting or storing any private-sector communications,” Lynn said. “Rather, threat intelligence provided by the government is helping the companies themselves, or the Internet service providers working on their behalf, to identify and stop malicious activity within their networks.”

But civil liberties advocates are worried that a provision in the White House’s recent legislative proposal on cybersecurity could open the way to government surveillance through public-private partnerships such as this one. They are concerned that the proposal would authorize companies to share vast amounts of communications data with the federal government.

“The government needs to make up its mind about whether it wants to protect networks or collect intelligence,” Dempsey said.

Though this NSA technology is more sophisticated than traditional anti-virus programs, it still can screen only for known threats. Developing detection and mitigation strategies for emerging new threats is far more difficult, said Bob Giesler, senior vice president for cyberprograms at SAIC, one of the region’s largest defense and intelligence contractors.

The program also does not protect against insider threats — employees who deliberately leak material. Nor will it protect a network against penetration by, for instance, hackers who have compromised security software enabling them to log in as if they were legitimate users. That is what happened recently when security firm RSA’s SecurID tokens were compromised, enabling hackers to penetrate Lockheed Martin’s computers. Lockheed said no customer, program or employee personal data were compromised.

The pilot program has been at least a year in the making. Carriers and companies were concerned they would be vulnerable to lawsuits or other sanctions if they allowed the government to filter the traffic or shared network data with the government. The NSA, meanwhile, was concerned about the classified data getting into the hands of adversaries.

The Internet carriers are not being paid to prepare their systems for the pilot, an effort that industry officials said costs millions of dollars. The carriers will work with the companies they already serve, and in some cases already provide a similar service of filtering for malicious traffic, using their own threat data.

Lynn’s speech also appeared to outline key elements of the Pentagon’s cyberstrategy, an unclassified version of which is due out soon. The strategy, said experts and analysts who have been briefed on it, focuses on building defenses and a framework for deterrence. It also makes clear the military’s prerogative to use cyber and other traditional military means if the United States is attacked or engaged in hostilities with an adversary.

“First, we must raise the level of protection in government and military networks,” Lynn said Thursday. “We must ready our defense institution to confront cyberthreats, because it is clear any future conflict will have a cyberdimension.”
