[ISN] Bush Order Expands Network Monitoring

From: InfoSec News (alerts@private)
Date: Mon Jan 28 2008 - 00:15:04 PST


http://www.washingtonpost.com/wp-dyn/content/article/2008/01/25/AR2008012503261.html

By Ellen Nakashima
Washington Post Staff Writer
January 26, 2008

President Bush signed a directive this month that expands the 
intelligence community's role in monitoring Internet traffic to protect 
against a rising number of attacks on federal agencies' computer 
systems.

The directive, whose content is classified, authorizes the intelligence 
agencies, in particular the National Security Agency, to monitor the 
computer networks of all federal agencies -- including ones they have 
not previously monitored.

Until now, the government's efforts to protect itself from cyber-attacks 
-- which run the gamut from hackers to organized crime to foreign 
governments trying to steal sensitive data -- have been piecemeal. Under 
the new initiative, a task force headed by the Office of the Director of 
National Intelligence (ODNI) will coordinate efforts to identify the 
source of cyber-attacks against government computer systems. As part of 
that effort, the Department of Homeland Security will work to protect 
the systems and the Pentagon will devise strategies for counterattacks 
against the intruders.

There has been a string of attacks on networks at the State, Commerce, 
Defense and Homeland Security departments in the past year and a half. 
U.S. officials and cyber-security experts have said Chinese Web sites 
were involved in several of the biggest attacks back to 2005, including 
some at the country's nuclear-energy labs and large defense contractors.

The NSA has particular expertise in monitoring a vast, complex array of 
communications systems -- traditionally overseas. The prospect of aiming 
that power at domestic networks is raising concerns, just as the NSA's 
role in the government's warrantless domestic-surveillance program has 
been controversial.

"Agencies designed to gather intelligence on foreign entities should not 
be in charge of monitoring our computer systems here at home," said Rep. 
Bennie Thompson (D-Miss.), chairman of the House Homeland Security 
Committee. Lawmakers with oversight of homeland security and 
intelligence matters say they have pressed the administration for months 
for details.

The classified joint directive, signed Jan. 8 and called the National 
Security Presidential Directive 54/Homeland Security Presidential 
Directive 23, has not been previously disclosed. Plans to expand the 
NSA's role in cyber-security were reported in the Baltimore Sun in 
September.

According to congressional aides and former White House officials with 
knowledge of the program, the directive outlines measures collectively 
referred to as the "cyber initiative," aimed at securing the 
government's computer systems against attacks by foreign adversaries and 
other intruders. It will cost billions of dollars, which the White House 
is expected to request in its fiscal 2009 budget.

"The president's directive represents a continuation of our efforts to 
secure government networks, protect against constant intrusion attempts, 
address vulnerabilities and anticipate future threats," said White House 
spokesman Scott Stanzel. He would not discuss the initiative's details.

The initiative foreshadows a policy debate over the proper role for 
government as the Internet becomes more dangerous.

Supporters of cyber-security measures say the initiative falls short 
because it doesn't include the private sector -- power plants, 
refineries, banks -- where analysts say 90 percent of the threat exists.

"If you don't include industry in the mix, you're keeping one of your 
eyes closed because the hacking techniques are likely the same across 
government and commercial organizations," said Alan Paller, research 
director at the SANS Institute, a Bethesda-based cyber-security group 
that assists companies that face attacks. "If you're looking for needles 
in the haystack, you need as much data as you can get because these are 
really tiny needles, and bad guys are trying to hide the needles."

Under the initiative, the NSA, CIA and the FBI's Cyber Division will 
investigate intrusions by monitoring Internet activity and, in some 
cases, capturing data for analysis, sources said.

The Pentagon can plan attacks on adversaries' networks if, for example, 
the NSA determines that a particular server in a foreign country needs 
to be taken down to disrupt an attack on an information system critical 
to the U.S. government. That could include responding to an attack 
against a private-sector network, such as the telecom industry's, 
sources said.

Also, as part of its attempt to defend government computer systems, the 
Department of Homeland Security will collect and monitor data on 
intrusions, deploy technologies for preventing attacks and encrypt data. 
It will also oversee the effort to reduce Internet portals across 
government to 50 from 2,000, to make it easier to detect attacks.

"The government has taken a solid step forward in trying to develop 
cyber-defenses," said Paul B. Kurtz, a security consultant and former 
special adviser to the president on critical infrastructure protection. 
Kurtz said the initiative's purpose is not to spy on Americans. "The 
thrust here is to protect networks."

One of the key questions is whether it is necessary to read 
communications to investigate an intrusion.

Ed Giorgio, a former NSA analyst who is now a security consultant for 
ODNI, said, "If you're looking inside a DoD system and you see data 
flows going to China, that ought to set off a red flag. You don't need 
to scan the content to determine that."

But often, traffic analysis is not enough, some experts said. "Knowing 
the content -- that a communication is sensitive -- allows proof 
positive that something bad is going out of that computer," said one 
cyber-security expert who spoke on the condition of anonymity because of 
the initiative's sensitivity.

Allowing a spy agency to monitor domestic networks is worrisome, said 
James X. Dempsey, policy director of the Center for Democracy and 
Technology. "We're concerned that the NSA is claiming such a large role 
over the security of unclassified systems," he said. "They are a spy 
agency as well as a communications security agency. They operate in 
total secrecy. That's not necessary and not the most effective way to 
protect unclassified systems."

A proposal last year by the White House Homeland Security Council to put 
the Department of Homeland Security in charge of the initiative was 
resisted by national security agencies on the grounds that the 
department, established in 2003, lacked the necessary expertise and 
authority. The tug-of-war lasted weeks and was resolved only recently, 
several sources said.

Staff researcher Richard Drezen contributed to this report.

