NSA Launches Pilot Program to Scan Internet Traffic

National Security Agency LogoWhile the idea of scanning Internet networks has been thrown around for some time, last month the National Security Agency partnered with select defense contractors and Internet service providers to actually do it.

The NSA pilot program seeks to identify malicious traffic that flows through networks, probes for vulnerabilities and exploits them. Once a threat is identified, the NSA will notify the ISPs to disable the threat before it can penetrate a contractor’s servers.

ISPs participating in the program include AT&T, Verizon and CenturyLink. Defense contractors include Lockheed Martin, CSC, SAIC and Northrop Grumman. The contractors can report the program’s success rate to the NSA’s Threat Operations Center, but aren’t required too.

If successful, he program could be extended to include the systems and networks of other critical electronic infrastructure.

To identify threats, the NSA uses behavioral modeling of network behavior and digital DNA (i.e. threat signatures of malicious codes). While the NSA technology is more sophisticated than traditional anti-virus programs, it only screens for known threats and not new ones.

Civil liberties groups aren’t thrilled. They say there needs to be assurances the NSA will not use any network monitoring capabilities for surveillance or spying. “We wouldn’t want this to become a backdoor form of surveillance,” said James X. Dempsey, vice president for public policy at the Center for Democracy & Technology, a civil liberties group.

The program isn’t a cure-all for defense contractors whose computer systems are constantly under attack. It won’t protect from insider threats or leaked material. Nor will it protect from hackers who penetrate security software that enables them to log in like legitimate users, as happened in the recent the breach of Lockheed Martin’s networks.

Source: Washington Post

Comments

  1. BY Mister Reiner says:

    “While the NSA technology is more sophisticated than traditional anti-virus programs, it only screens for known threats and not new ones.”

    This really depends on the sophistication of their network activity analysis engine. It’s possible to profile “normal” user activity and then flag abnormal activity, regardless of if it is a known threat or not.

    There is probably a lot more going on than what the NSA is willing to disclose to the public, but that’s something we’ll never find out about. ;)

  2. BY Noneya says:

    With the track record the NSA and CIA have, one would have to be a fool to take what they say at face value. If it is only scanning their networks now, it will be implemented on public networks at a later date, and not just “critical infrastructure”. Get involved in the political process, stay involved, and you will get real change. Otherwise you’re inviting Big Brother into your house.

Post a Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>