[Infowarrior] - NSA to help Defend Civilian Agency Networks

Richard Forno rforno at infowarrior.org
Fri Jul 3 00:42:30 UTC 2009


Obama Administration to Involve NSA in Defending Civilian Agency  
Networks
By Ellen Nakashima
Washington Post Staff Writer
Thursday, July 2, 2009 7:40 PM

http://www.washingtonpost.com/wp-dyn/content/article/2009/07/02/AR2009070202771_pf.html

The Obama administration will proceed with a Bush-era plan to use  
National Security Agency assistance in screening government computer  
traffic on private-sector networks, with AT&T as the likely test site,  
according to three current and former government officials.

President Obama said in May that government efforts to protect
computer systems from attack would not involve "monitoring
private-sector networks or Internet traffic," and Homeland Security
Department officials say the new program will scrutinize only data
going to or from government systems.

But the program has provoked debate within DHS, the officials said,  
because of uncertainty about whether private data can be shielded from  
unauthorized scrutiny, how much of a role NSA should play and whether  
the agency's involvement in warrantless wiretapping during George W.  
Bush's presidency would draw controversy. The activities of any  
private citizen who visits a "dot-gov" Web site or sends an e-mail to  
a civilian government employee would be screened.

"We absolutely intend to use the technical resources, the substantial  
ones, that NSA has. But . . . they will be guided, led and in a sense  
directed by the people we have at the Department of Homeland  
Security," the department's secretary, Janet Napolitano, told  
reporters in a discussion about cybersecurity efforts.

Under a classified pilot program approved during the Bush  
administration, NSA data and hardware would be used to protect the  
networks of some civilian government agencies. Part of an initiative  
known as Einstein 3, the plan called for telecommunications companies  
to route the Internet traffic of civilian agencies through a  
monitoring box that would search for and block computer codes designed  
to penetrate or otherwise compromise networks.

AT&T, the world's largest telecommunications firm, was the Bush  
administration's choice to participate in the test, which has been  
delayed for months as the Obama administration determines what  
elements to preserve, former government officials said. The pilot  
program was to have begun in February.

"To be clear, Einstein 3 development is proceeding," DHS spokeswoman  
Amy Kudwa said. "We are moving forward in a way that protects privacy  
and civil liberties."

AT&T officials declined to comment.

A DHS official said the delay occurred because the original timeline  
"did not take into account all that was required to ensure the  
exercise would provide the data needed."

The program is the most controversial element of the $17 billion  
cybersecurity initiative the Bush administration started in January  
2008. Einstein 3 is crucial, advocates say, in an era in which hackers  
have compromised computer systems at the Commerce and State  
departments, and have taken military jet data from a defense contractor.

The NSA declined to comment on Einstein 3, but a spokeswoman said the  
agency would help DHS in "any way possible, including technical  
support" as it seeks to protect government networks.

The internal controversy reflects the central tension in the debate  
over how best to defend the nation's mostly private system of computer  
networks. The techniques that work best, experts say, require the  
automated scrutiny of e-mail and other electronic communications  
content -- something that commercial providers already do.

Proponents of involving the government said such efforts should  
harness the NSA's resources, especially its database of computer  
codes, or signatures, that have been linked to cyberattacks or known  
adversaries. The NSA has compiled the cache by, for example,  
electronically observing hackers trying to gain access to U.S.  
military systems, the officials said.

"That's the secret sauce," one official said. "It's the stuff they  
have that the private sector doesn't."

But it is also the prospect of NSA involvement in cybersecurity that  
fuels concerns about unwarranted government snooping into private  
communication.

"The bitter battles over privacy and NSA's role in domestic  
wiretapping hang over cybersecurity like a toxic cloud," said Stewart  
A. Baker, who was assistant secretary of homeland security under Bush.

AT&T was sued over its role in aiding the Bush-era counterterrorism  
program to intercept Americans' e-mails and phone calls without a  
warrant. It is seeking legal assurance that it will not be sued for  
participating in the pilot program. That legal certification has been  
held up for several months as DHS prepares a contract, several current  
and former officials said.

Einstein's promise, they said, is that it can more effectively detect  
malicious activity and disable intrusions before harm is done to  
civilian government networks.

"Intrusion detection is like a cop with a radar gun on a highway who  
catches you speeding or drunk and phones ahead to somebody at the  
other end," Michael Chertoff, former homeland security secretary, said  
in a recent interview. "Einstein 3 is a cop who actually arrests you  
and pulls you off the road when he sees you driving drunk."

The program has two goals. The first is to prove that the  
telecommunications firm can route only traffic destined for federal  
civilian agencies through the monitoring system. The second is to test  
whether the technology can work effectively on civilian government  
networks. The sensor box would scan e-mail messages and other content  
just before they enter the civilian agency networks.

The classified NSA system, known as Tutelage, has the ability to  
decide how to handle malicious intrusions -- to block them or watch  
them closely to better assess the threat, sources said. It is  
currently used to defend military networks.

The database for the program would also contain feeds from commercial  
firms and the DHS's U.S. Computer Emergency Readiness Team,  
administration officials said.

"We're looking for malicious content, not a love note to someone with  
a dot-gov e-mail address," a former senior administration official  
said. "What we're interested in is finding the code, the thing that  
will do the network harm, not reading the e-mail itself."

Ari Schwartz, a vice president of the Center for Democracy and  
Technology, was among a group of privacy advocates given a classified  
briefing in March on the Einstein program. The advocates wanted to  
ensure that officials had a plan to protect privacy and civil  
liberties, including shielding such personally identifying data as  
Internet protocol addresses.

"We came away saying they have a lot of work in front of them to get  
this done right," Schwartz said. "We're looking forward to their next  
steps."

Bush administration lawyers determined last year that DHS had the  
legal authority to conduct the Einstein program, and could do so in  
compliance with existing wiretap and privacy laws, as long as  
appropriate policies were in place.

Last fall, plans for the pilot were proceeding, former officials said.  
But in the Bush administration's final weeks, AT&T lawyers raised  
concerns about legal liability, they said. Then-Attorney General  
Michael B. Mukasey was willing to give AT&T written assurance that it  
would bear no liability for participating in the program, but both  
AT&T and the Justice Department agreed that the new administration  
should issue the certification, they said.

"They just wanted to make sure the certification would not be reversed  
by the next administration," a Bush administration official said.

In hindsight, Baker said, the Bush White House's decision to classify  
so much of its initiative was a mistake.

"It meant that the problem was not well understood," said Baker, who  
was NSA general counsel in the Clinton administration. "The solution  
was veiled in secrecy in a way that allowed people outside to be  
suspicious, so anybody who mistrusted the intelligence community could  
just assume that it was because they were doing something that they  
shouldn't be doing."

Staff writers Spencer H. Hsu and Carrie Johnson contributed to this  
report. 

