[Infowarrior] - Troubles Plague Cyberspy Defense

Richard Forno rforno at infowarrior.org
Fri Jul 3 19:27:56 UTC 2009


Troubles Plague Cyberspy Defense
By SIOBHAN GORMAN
http://online.wsj.com/article/SB124657680388089139.html#mod=todays_us_page_

WASHINGTON -- The flagship system designed to protect the U.S.  
government's computer networks from cyberspies is being stymied by  
technical limitations and privacy concerns, according to current and  
former national-security officials.

The latest complete version of the system, known as Einstein, won't be  
fully installed for 18 months, according to current and former  
officials, seven years after it was first rolled out. This system  
doesn't protect networks from attack. It only raises the alarm after  
one has happened.

A more capable version has sparked privacy alarms, which could delay  
its rollout. Since the National Security Agency acknowledged  
eavesdropping on phone and Internet traffic without warrants in 2005,  
security programs have been dogged by privacy concerns. In the case of  
Einstein, AT&T Corp., which would test the system, has sought written  
approval from the Justice Department before it would agree to  
participate, people familiar with the matter say.

An AT&T spokesman declined to comment.

The total cost of the system, designed to protect all nonmilitary  
government computers, is classified, but officials familiar with the  
program said the price tag was expected to exceed $2 billion.

The Obama administration has made combating threats to the nation's  
computer networks a top priority. President Barack Obama recently  
called such attacks "one of the most serious economic and national  
security challenges" facing the country. Attacks on the government  
have been intensifying, and thousands of federal networks have been  
breached, including that of the Homeland Security Department, security  
officials say.

Homeland Security officials say they are pressing ahead with  
deliberate speed. Because the program is the first of its kind, "we're  
trying to get things as right as possible," a senior Homeland Security  
official said. It takes time to get all the other government agencies  
on board, the official added, but their buy-in will lead to a more  
effective system in the long run.

The Obama administration is now re-examining plans for a third  
iteration of Einstein to review its privacy protections and  
effectiveness, said Paul Kurtz, a cybersecurity specialist who led a  
review of the topic for President Obama's transition team.

"The good news is, I think [the administration] appears to be taking a  
close look at how best to do this," Mr. Kurtz said. "The bad news is,  
while they work to figure it out, the security of our networks is not  
necessarily getting any better."

Homeland Security spokeswoman Amy Kudwa described the various rollouts  
as "incremental improvements" designed also to protect privacy and  
civil liberties. "We don't want to let the perfect be the enemy of the  
good," she said.

Many of these problems predate the Obama administration. The  
administration supports the objectives of the "comprehensive national  
cybersecurity initiative," said a White House official. Government  
officials say military computer systems are equipped with much  
stronger technology to deflect cyber intruders.

The Homeland Security Department first developed Einstein in 2003,  
adapting technology from a Pentagon program that monitored military  
networks, according to former national-security officials. A voluntary  
program, it tracked Internet traffic flowing in and out of  
participating federal departments, such as the Transportation  
Department, and looked for abnormalities that might be cyberattacks.

By 2007, portions of just 16 agencies had subscribed, according to the  
Government Accountability Office, the nonpartisan investigative arm of  
Congress. Despite the small takeup, the system failed to produce  
warnings that were "consistently actionable and timely," the GAO said.

Armed with fresh funding from the Bush administration, officials  
started work on a new version, dubbed Einstein 2. It is supposed to  
detect known types of cyberattacks and immediately alert the  
cybersecurity center. The problem: Like its predecessor, it still  
can't detect or block sophisticated attacks that weren't previously  
known, said Stewart Baker, a former senior Homeland Security  
Department official. Homeland Security is the only department using it  
so far.

Other departments and agencies plan to use Einstein 2 technology run  
by Homeland Security but based inside the networks of the nation's  
telecommunications companies.

The government was concerned about how the public would react to its  
working with the phone company to monitor networks, and the move had  
to be cleared by a larger number of officials, Mr. Baker said. "It was  
purely a perception issue," he said. The NSA's warrantless wiretapping  
was done in coordination with phone companies.

It will take 18 months to launch Einstein 2 across most of the  
government, a senior Homeland Security official said, and then 96  
smaller agencies will follow. Plans are already under way for Einstein  
3. As envisioned by the Bush administration, Einstein 3 would draw  
from an NSA program that automatically identifies and deflects  
security breaches, according to former officials familiar with the  
program.

This version has raised bigger privacy issues because the technology  
has the ability to read the content of emails and other messages sent  
over government systems as it scans for attacks. Mr. Obama's  
transition team flagged Einstein 3 as a potential privacy concern,  
according to a person familiar with the discussions.

When officials told members of the Senate Intelligence Committee about  
plans to use "active sensors," lawmakers balked because that sounded  
too much like spying, a senior intelligence official said, adding that  
the perception was incorrect.

Homeland Security asked AT&T to test some of the technology that might  
be used for Einstein 3, a person familiar with the discussion said.  
The company demanded clearance from the Bush administration's Justice  
Department, this person said. But the pilot was delayed for a variety  
of technical and practical reasons and spilled over into the Obama  
administration, said a senior Homeland Security official. The Obama  
administration has approved the test, the official said.

James Lewis, who directed a cybersecurity study at the Center for  
Strategic and International Studies, said cyber threats could be  
handled if the U.S. was able to monitor major Internet gateways into  
the country, scanning private traffic for security purposes only. Such  
a move would require changes to spying laws to permit scanning of  
routine traffic without an individual warrant. Some committees on  
Capitol Hill are considering that approach, but Congress may not have  
the appetite to reopen the topic after wrangling over spying rules for  
much of 2008.

One alternative approach for Einstein 3 under consideration is to have  
telecommunications companies scan and block potential cyberattacks,  
said one former official familiar with the discussion. That might be  
combined with some of the scanning technology developed in the private  
sector and at the NSA.

Carriers like AT&T already provide such services for many major  
companies. The Bush administration didn't pursue that route because of  
the potential political problems related to working closely with phone  
companies, government officials said.

