Another NSA-Private Sector Partnership
Ellen Nakashima reports on a partnership between the NSA, defense contractors, and their Internet service providers to find hackers before they hack.
The National Security Agency is working with Internet service providers to deploy a new generation of tools to scan e-mail and other digital traffic with the goal of thwarting cyberattacks against defense firms by foreign adversaries, senior defense and industry officials say.
[snip]
Officials say the pilot program does not involve direct monitoring of the contractors’ networks by the government. The program uses NSA-developed “signatures,” or fingerprints of malicious code, and sequences of suspicious network behavior to filter the Internet traffic flowing to major defense contractors. That allows the Internet providers to disable the threats before an attack can penetrate a contractor’s servers. The trial is testing two particular sets of signatures and behavior patterns that the NSA has detected as threats.
The Internet carriers are AT&T, Verizon and CenturyLink. Together they are seeking to filter the traffic of 15 defense contractors, including Lockheed, Falls Church-based CSC, McLean-based SAIC and Northrop Grumman, which is moving its headquarters to Falls Church. The contractors have the option, but not the obligation, to report the success rate to the NSA’s Threat Operations Center.
From a technical standpoint, this is probably a better way to find hackers than waiting until they steal your data. But of course, it raises all sorts of privacy issues.
But for all the generalized concerns I have about it, I kept thinking of HB Gary when I read this story. After all, the NSA is surely working with contractors on their own side of this. And threat detection like this is precisely the kind of thing HB Gary did, before they started pitching the Chamber of Commerce to spy on activists.
So who are the other contractors involved in this, and what else are they doing with the technology?
AT&T just passed caps on its broadband customers. I wonder if the cap was actually Part 1 of monitoring and eventually controlling information flow.
I doubt seriously that it is limited to defense firms… I keep reading about the concerns about cyber attacks against critical infrastructure (nuclear power plants and other power generation, transportation facilities, etc.).
I can state from personal experience that there is great need to be concerned. I previously worked for a defense contractor that must remain unnamed that refused to spend money on its infrastructure security unless it was absolutely necessary (all in the name of profits, you understand).
During the last year, I was on a major project for a power generation company. Again, it was the same thing.
The point is, business / free enterprise refuses to protect itself and the government must.
Hm. This sounds to me like monitoring packet flow, watching for specific addresses and key words (pre-identified). If these are noticed, the traffic is sucked up for analysis.
I’m curious about “behavior patterns” and what that means. Who the email is sent to? What the email pertains to? It sounds like content monitoring to me, key words, patterns of words, maybe even usage and language.
In other words, it sounds like the Same Old Thing, and this is an attempt to legitimize it using some rather nifty law-enforcement-specific terms that no one who doesn’t have something to hide would complain about…right?
In terms of contractors, the unknown would be who the actual operator of the monitoring would be, since the machines, code, and platforms are going to be from a very small group of vendors. Custom code and monitoring platforms could come into the picture, but only if they’ve been working for a couple of years of development on the blacker side of budgets, or are starting now for delivery in two years or so.
Of course the contractor is important, as you point out with HB Gary, since these kinds of traffic analysis systems can be used for anyone, anywhere, and it would be soooo easy to throw some political targets into the mix…
As if such s/w tools would be limited to defending against illegal attacks against the electronic communications systems of government defense contractors. As in biological evolution, an organism will use its tools for whatever they are good for, not just for the purposes they were nominally devised for. Legality or illegality – especially under the government-and-its-contractors-can-do-no-wrong mantra – isn’t likely to be an issue for long.
Pre-crime. I knew there was a reason I didn’t like Tom Cruise.
Yes, I was wondering if this was another episode of Minority Report, myself. Soon, there will be no more room for Bad Thoughts.
Bob in AZ
Why announce that you intend to partner with the public internet service providers to monitor public traffic to contractors — who have contracts developing systems to monitor and mine public traffic on the internet for the NSA and DoD — to do an anti-hacking experiment, just after announcing that the same contractors have had their public internet traffic attacked by hackers?
That, detective, is the right question. Program terminated.
Maybe it is, at the moment, their only defense. The thinking goes, hey! I’m monitoring you! Any ‘suspicious’ patterns and addresses and that kind of thing will alert me and I’ll jump onto it, and GET YOU!
Yeah. That’ll scare the hackers. Since we have no way to secure the network at the moment, without killing contractor commerce.
I have been amazed at how many companies are still taking security as an afterthought. This is a digital moat.
One more reason to hate AT&T and Verizon.
O/T What a farce.
2 Top Lawyers Lost to Obama in Libya War Policy Debate
“Jeh C. Johnson, the Pentagon general counsel, and Caroline D. Krass, the acting head of the Justice Department’s Office of Legal Counsel, had told the White House that they believed that the United States military’s activities in the NATO-led air war amounted to “hostilities.” Under the War Powers Resolution, that would have required Mr. Obama to terminate or scale back the mission after May 20.
. . .
““The administration gave its opinion on the War Powers Resolution, but it didn’t answer the questions in my letter as to whether the Office of Legal Counsel agrees with them,” he said. “The White House says there are no hostilities taking place. Yet we’ve got drone attacks under way. We’re spending $10 million a day. We’re part of an effort to drop bombs on Qaddafi’s compounds. It just doesn’t pass the straight-face test, in my view, that we’re not in the midst of hostilities.”
. . .
“The administration followed an unusual process in developing its position.”
LINK.
And guess who is setting them straight:
Yoo: GOP abandoning principles on war powers
LINK.
Silly, didn’t you know that if we don’t have “boots on the ground”, actually attacking an enemy, that it doesn’t count as “hostilities”?
‘Cause, you know, it all depends on what the definition of is, is. And torture isn’t actually torture if we do it and it’s for our Good Cause, and the people being tortured haven’t worn the uniform of an actual declared enemy, and tapping data lines isn’t illegal data mining if we are looking for specific terrorist targets, and and and.
Sheesh. We are so far down the rabbit hole we may never see daylight again.