Infosecurity

New US cyber security detection system raises privacy concerns

By Robin Hicks | 8 September 2009

A new version of a computer intrusion detection system being developed by the United States Department of Homeland Security has raised concerns from advocacy groups over privacy and the involvement of the National Security Agency (NSA) in the development of the software. The new system, known as Einstein 3, can reportedly read email as well as its original function, to detect malicious software.

View photos

Related Articles

• US cybersecurity guidlines under attack
• Radar detection system planned for Korean border
• US government CIOs: security in federal systems has not improved

Related Categories

• INFOSECURITY

From this Section

• NEWS

Einstein 2 is able to detect malicious code during predefined code signatures, while Einstein 3 will also be able to read e-mail and other internet traffic. Civil rights group Center for Democracy and Technology (CDT) have called on the Obama administration to release information about the legal implications of Einstein 3, which will be rolled out across all government agencies.

“While its predecessor merely detected and reported malicious code, Einstein 3 is to have the capability of intercepting threatening internet traffic before it reaches a government system,” said a CDT spokesperson.

Concerns over the involvement of NSA have been raised because of the agency’s track record of conducting surveillance of US residents exchanging telephone calls or email messages with foreigners with suspected ties to terrorism.

CDT also called to question the role of the private sector in the development of Einstein 2 and 3, and the safeguards that will be put in place to prevent the misuse of private information collected.

However, Don Adams, Chief Security Officer and Chief Technology Officer, Worldwide, Public Sector, said that these objections are unlikely to cause the Einstein 3 project de-railed.

He told FutureGov: “Einstein 3 is absolutely necessary to the defence of the US Government. It will move the Forward Edge of the Battle Area (FEBA) for cyber warfare to the major private sector internet carriers where traffic is shaped and delivered to government sites.”

“The two biggest differences between Einstein 2, which still exists today, and Einstein 3 are: the inclusion of US Civilian Government Agencies to those protected from cyber attacks, and moving the FEBA outside of the government systems and networks under daily attack.”

Adams pointed to statistics showing that, in the month of July 2009, there were more than one million cyber attacks per second being targeted against select servers. And while efforts have been made to reduce the number of public facing access points to government sites there are still over 2700 of them in use.

He noted: “Intercepting mass scale attacks before they reach government sites is far more efficient and effective than the current approach. Today, approaches are fairly passive and designed to be as non-intrusive as possible. With Einstein 3, the approach will actively shut down attacks it detects, as a result of the Tutelage software provided by the NSA.”

“Einstein 3 is a great step forward toward an eventual solution to an unprecedented level of attacks against a broad spectrum of US Federal agencies from the FAA to DHS and all elements of DOD and even the Department of Commerce.”

For Asian government agencies thinking of installing new intruder detection systems, Adams suggest introducing technology that is commensurate with their exposures and the levels of threat they find themselves experiencing.

“Beyond that, they need to understand potential threat scenarios from classic hackers, commercially incented attacks on their economies and nation-state attacks related to their beliefs and autonomy,” he said.