While the idea of scanning Internet networks has been thrown around for some time, last month the National Security Agency partnered with select defense contractors and Internet service providers to actually do it.
The NSA pilot program seeks to identify malicious traffic that flows through networks, probes for vulnerabilities and exploits them. Once a threat is identified, the NSA will notify the ISPs to disable the threat before it can penetrate a contractor’s servers.
ISPs participating in the program include AT&T, Verizon and CenturyLink. Defense contractors include Lockheed Martin, CSC, SAIC and Northrop Grumman. The contractors can report the program’s success rate to the NSA’s Threat Operations Center, but aren’t required to.
If successful, the program could be extended to include the systems and networks of other critical electronic infrastructure.
To identify threats, the NSA uses behavioral modeling of network behavior and digital DNA (i.e. threat signatures of malicious code). While the NSA technology is more sophisticated than traditional anti-virus programs, it only screens for known threats and not new ones.
Civil liberties groups aren’t thrilled. They say there need to be assurances the NSA will not use any network monitoring capabilities for surveillance or spying. “We wouldn’t want this to become a backdoor form of surveillance,” said James X. Dempsey, vice president for public policy at the Center for Democracy & Technology, a civil liberties group.
The program isn’t a cure-all for defense contractors whose computer systems are constantly under attack. It won’t protect against insider threats or leaked material. Nor will it protect against hackers who penetrate security software that enables them to log in like legitimate users, as happened in the recent breach of Lockheed Martin’s networks.
Source: Washington Post