CybersecurityDHS's Einstein 3 plans raise questions

The Obama administration is facing legal and privacy concerns as it looks to bolster its defenses of civilian government computer networks, according to articles published in the Washington Post  and the Wall Street Journal last week. The Einstein 3 program, which would form the core of the new cybersecurity measures, would be a more enhanced version of Einstein, a program that DHS developed to identify threats in computer traffic. An article published in Journal on 3 July said the total cost of the system was classified, but cited officials familiar with the program who said the cost was expected to exceed $2 billion.

The Journal said DHS first developed Einstein in 2003 by adapting technology from a Pentagon program that monitored military networks, according to former national security officials. The Journal also cited an unnamed DHS source who said it will take 18 months to launch Einstein 2 across most of the government. Meanwhile, the article said plans were already underway for Einstein 3 despite the increased privacy concerns associated with the program.

FCW writes that Einstein 3 is based on technology developed for a National Security Agency (NSA) program called Tutelage that can deflect as well as detect security breaches, according to the Journal. That would be an upgrade from Einstein 2 program that officials say can better detect problems and send out alerts quicker than the first version of Einstein, but still can’t block attacks.

Einstein 3, however, is also more controversial. An article in the Post on 3 July said it would “use National Security Agency assistance in screening government computer traffic on private-sector networks, with AT&T as the likely test site, according to three current and former government officials.”

The Post article explains that officials said the program has spurred debate within DHS “because of uncertainty about whether private data can be shielded from unauthorized scrutiny, how much of a role NSA should play and whether the agency’s involvement in warrantless wiretapping during George W. Bush’s presidency would draw controversy.”

The articles say AT&T was seeking legal assurances from the government before piloting the program. The articles said AT&T officials declined to comment. According to the Post article, during a classified pilot program for the enhanced system approved during the George Bush administration, “NSA data and hardware would be used to protect the networks of some civilian government agencies.”