Einstein 3 raises privacy concerns

Published 8 September 2009

New cyber security system — Einstein 3 — will be rolled out across all U.S. government agencies; in addition to detecting malicious software, the system can read e-mails and other Internet traffic

A new version of a computer intrusion detection system being developed by DHS has raised concerns from advocacy groups over privacy and the involvement of the National Security Agency (NSA) in the development of the software. The new system, known as Einstein 3, can reportedly read email in addition to performing its original function of detecting malicious software (see 9 July 2009 HSNW).

FutureGov’s Robin Hicks writes that Einstein 2 is able to detect malicious code using predefined code signatures, while Einstein 3 will also be able to read e-mail and other Internet traffic. Civil rights group Center for Democracy and Technology (CDT) called on the Obama administration to release information about the legal implications of Einstein 3, which will be rolled out across all government agencies.

“While its predecessor merely detected and reported malicious code, Einstein 3 is to have the capability of intercepting threatening Internet traffic before it reaches a government system,” said a CDT spokesperson.

Hicks writes that concerns over the involvement of NSA have been raised because of the agency’s track record of conducting surveillance of U.S. residents exchanging telephone calls or email messages with foreigners with suspected ties to terrorism.

CDT also called into question the role of the private sector in the development of Einstein 2 and 3, and the safeguards that will be put in place to prevent the misuse of private information collected.

Don Adams, chief security officer and CTO, Worldwide, Public Sector, said, however, that the project is unlikely to be derailed because of privacy concerns. He told FutureGov: “Einstein 3 is absolutely necessary to the defense of the U.S. Government. It will move the Forward Edge of the Battle Area (FEBA) for cyber warfare to the major private sector Internet carriers where traffic is shaped and delivered to government sites.”

“The two biggest differences between Einstein 2, which still exists today, and Einstein 3 are: the inclusion of U.S. Civilian Government Agencies to those protected from cyber attacks, and moving the FEBA outside of the government systems and networks under daily attack.”

Adams pointed to statistics showing that, in the month of July 2009, there were more than one million cyber attacks per second being targeted against select servers. While efforts have been made to reduce the number of public-facing access points to government sites, there are still over 2,700 of them in use. He noted: “Intercepting mass scale attacks before they reach government sites is far more efficient and effective than the current approach. Today, approaches are fairly passive and designed to be as non-intrusive as possible. With Einstein 3, the approach will actively shut down attacks it detects, as a result of the Tutelage software provided by the NSA.”

“Einstein 3 is a great step forward toward an eventual solution to an unprecedented level of attacks against a broad spectrum of U.S. Federal agencies from the FAA to DHS and all elements of DOD and even the Department of Commerce.”

For Asian government agencies thinking of installing new intruder detection systems, Adams suggests introducing technology that is commensurate with their exposures and the levels of threat they find themselves experiencing.

“Beyond that, they need to understand potential threat scenarios from classic hackers, commercially incented [sic] attacks on their economies and nation-state attacks related to their beliefs and autonomy,” he said.