In the event you missed it, big news hit before the start of the holiday weekend. On Friday, the Obama administration announced that it would tap the National Security Agency to help screen government computer traffic on private sector networks. AT&T, meanwhile, would reportedly test the system. In case you think this is deja vu all over again (think: NSA’s admission of warrantless wiretapping back in 2005), the Obama administration is quick to assure privacy advocates that government efforts would not involve “monitoring private-sector networks or Internet traffic.” DHS officials tell the Washington Post that the new program will analyze data only going to or from government systems.
The program, known as Einstein, is a carryover from the Bush administration and, as the Washington Post reports, it had been delayed for months as the Obama administration determined what components to keep in place. DHS first developed Einstein back in 2003 to track web traffic coming to and from federal departments that participated in the program. Going forward, a new version of the program, Einstein 2, is meant to address a weakness of the initial program: a failure to produce warnings that, according to GAO, are “consistently actionable and timely.” As The Wall Street Journal reports, it will take 18 months to launch Einstein 2 across most of the government; 96 smaller agencies will then follow.
Next up after that: Einstein 3. If you’re wondering what this third iteration will entail, Michael Chertoff, former homeland security secretary offered this take to the Washington Post: “Intrusion detection is like a cop with a radar gun on a highway who catches you speeding or drunk and phones ahead to somebody at the other end … Einstein 3 is a cop who actually arrests you and pulls you off the road when he sees you driving drunk.”
For more details on how the government’s response to cybersecurity will continue to unfold — and how you fit in — be sure to check out Chertoff’s talk before POC next Thursday, July 16. Details here.
Are you comfortable with the government’s approach to engaging the cybersecurity threat? Share your comments here.