While the idea of scanning Internet networks has been thrown around for some time among government agencies, the National Security Agency (NSA) partnered with select defense contractors and Internet service providers (ISPs) last month to do so.
The NSA pilot program seeks to identify malicious Internet traffic that flows endlessly through networks, probes for vulnerabilities and exploits them. Once a threat is identified, the NSA will notify the ISPs to disable the threat before it can penetrate a contractor’s servers.
ISPs participating in the program include AT&T, Verizon and CenturyLink, which will work closely with the NSA to halt potentially harmful Internet traffic from reaching some of the top defense contracting companies in the world, including Lockheed Martin, CSC, SAIC and Northrop Grumman. The contractors can report the success rate to the NSA’s Threat Operations Center, but are not required to.
If the program is successful, it could be extended to include the systems and networks of the U.S. critical electronic infrastructure.
“We hope the . . . cyber pilot can be the beginning of something bigger,” Deputy Defense Secretary William J. Lynn III said at a global security conference recently. “It could serve as a model that can be transported to other critical infrastructure sectors, under the leadership of the Department of Homeland Security.”
To identify threats, the NSA uses behavioral modeling of suspicious network behavior and digital DNA (i.e., threat signatures of malicious code). The trial is testing two sets of signatures and behavior patterns the NSA has identified as top threats. While the NSA technology is more sophisticated than traditional anti-virus programs, it only screens for known threats and not new ones.
However, civil liberties groups say there need to be assurances the NSA will not use any network monitoring capabilities for surveillance or spying. Any extension of the pilot program must guarantee protections against government access to private Internet traffic, said James X. Dempsey, vice president for public policy at the Center for Democracy & Technology, a civil liberties group.
“We wouldn’t want this to become a backdoor form of surveillance,” Dempsey said.
The program is not a cure-all for defense contractors whose computer systems are constantly under attack. It will not protect against insider threats or leaked material. Nor will it protect against hackers who penetrate security software that enables them to log into networks like legitimate users, as in the recent breach of Lockheed Martin’s computers.