Due to ongoing security vulnerabilities by contractors working on classified defense projects, the Defense Department is debating whether the National Security Agency (NSA) should monitor select corporate dot.com domains, according to a report in the Atlantic.
Security vulnerabilities from contractor’s computers have been a problem for the defense department, as computer spying has become more prevalent and more advanced. Last year, it was discovered that terabytes of information related to the F-35 Joint Strike Fighter program—the costliest weapons program in U.S. history—were downloaded from the computers of contractors involved in the project over a period of about a year.
While the proposal is informally being circulated throughout the Defense Department and the Department of Homeland Security, the idea is that the NSA would monitor contractor’s internet service provider’s networks for any suspicious activities. Only the meta-data content would be monitored and not actual content of data streams.
The program, if implemented, is expected to apply to the companies that make up the Defense Industrial Base (DIB) and only to the parts of those companies that store and use sensitive defnese information. While the new U.S. Cyber Command department and NSA protect the dot.mil domain and domains that process classified information, companies that conduct business often use the public dot.com domain, which is monitored by the DHS.
“It may not be legal to force companies to submit to NSA monitoring, or even to ask them to voluntarily agree to it, and it might not be politically feasible for companies to accept NSA sensors without disclosing their existence for liability and optical reasons,” Ambinder wrote in the Atlantic article. He also wrote that at least two companies, AT&T and Verizon, were approached by government officials about the idea, but declined to comment.
