Report: Feds could extend Web monitoring program to private sphere

By Tony Romm - 03/04/10 08:46 AM ET

The federal government could begin monitoring some private Internet networks for potential cyberattacks, a Department of Homeland Security official suggested Wednesday.

The technology to intercept and respond to those threats, called Einstein, already applies to federal networks and systems, Greg Schaffer, assistant secretary for cybersecurity and communications, told CNET in an interview.

But Schaffer added that his department was weighing the possibility of deploying the program to the private sphere, primarily to protect key infrastructure like power plants from becoming vulnerable to cyberattack.

Ultimately, Schaffer declined to provide specifics of that proposal, stressing that Einstein still remains highly classified. Nevertheless, the White House's decision this week to declassify a crucial, 2008 cybersecurity document reveals at least one important detail about the program: Einstein works primarily by sharing key Web communication data with the National Security Agency, long hampered by privacy concerns.

Anticipating this could incense industry critics, Schaffer later stressed to CNET that the goal of Einstein was not to establish a "Big Brother" system "in order to provide a level of protection either for the federal government or otherwise."

"As a practical matter, you're looking at data that's relevant to malicious activity, and that's the data that you're focused on," he said. "It's not necessary to go into a space where someone will say you're acting like Big Brother. It can be done without crossing over into a space that's problematic from a privacy perspective."

The federal government's renewed focus on cybersecurity matters arrives weeks after two high-profile attacks struck a slew of U.S. businesses, including Google. Both have worried some congressional lawmakers and industry experts, who fret the federal government's lack of substantive, overarching cybersecurity plan.

To an extent, the White House has tried to combat that impression, even releasing key excerpts from a heretofore classified cybersecurity review, commissioned by former President George W. Bush in 2008. However, the report seems to have instead revealed the great lengths the United States must still travel to protect its Web infrastructure.

Schaffer's comment to CNET this week underscores one option: deploying federal technology to the private sphere.

But it is unclear how Internet service providers or private companies might react to any extension of the Einstein cyberattack program, much less whether consumers would appreciate a warning system directly linked to the NSA -- long harangued by public criticism over its Bush-era wiretapping programs.