Feds downplay privacy fears on plan to expand monitoring of government networks
DHS, White House officials say 'Cyber Initiative' is needed to better protect federal systems
Computerworld - The U.S. government's de facto CIO and other federal officials today downplayed privacy concerns related to the expanded monitoring of federal networks that is planned under a multiyear initiative ordered by President Bush to boost cybersecurity at agencies.
Testifying at a hearing held by the House Committee on Homeland Security, officials from the White House Office of Management and Budget (OMB) and the Department of Homeland Security (DHS) said that the increased network monitoring is designed only to improve the government's ability to quickly detect and stop attacks against its networks.
The governmentwide monitoring that is being planned isn't very different from the intrusion-detection and -prevention capabilities implemented across many private-sector networks, said Robert Jamison, undersecretary of the National Protection and Programs Directorate within the DHS.
Jamison said the current version of a network monitoring system called Einstein, which is used by some agencies, is far too passive and doesn't provide the real-time threat-detection capabilities that are needed to thwart attacks. By comparison, the new monitoring plan is aimed at enabling network administrators to detect intrusions and other malicious activity as soon as they occur, he added.
The Einstein system is due to be upgraded and deployed at all agencies as part of the new security effort. Jamison said that all data traffic flowing through agency networks will be checked, and that it will be inspected at a deeper level than Einstein is capable of now.
The expanded monitoring plan is a key part of the so-called Cyber Initiative, which was mandated by Bush in a classified directive that he issued in January. The directive calls on multiple agencies, including the National Security Agency (NSA), to work together to improve the security of federal systems, which has routinely been criticized in congressional report cards and in reports issued by the Government Accountability Office.
Jamison defended the need for better network monitoring at today's hearing. "Our adversaries are very adept at hiding their attacks in normal everyday [network] traffic," he said, adding that the only effective way to deal with the security threats is to deploy a governmentwide intrusion-detection system. Such capabilities already exist within a few agencies, Jamison noted. "It's just not consistent," he said. "That is what we are talking about [now]."
But, he promised, privacy considerations will be kept at the forefront. "I can tell you that privacy and civil rights have been a top focus of this," Jamison said. Privacy impact assessments are being done to help government officials understand all the implications of the expanded network monitoring activities, he added.
Karen Evans, who basically serves as federal CIO in her role as administrator of e-government and IT at the OMB, testified that all of the monitoring work will be done in an open fashion. As far as privacy and security is concerned, "we have been doing all of these activities in a very transparent way" under the existing approach, Evans said. She added that controls are being implemented to ensure that the privacy rights of federal workers and other individuals who access e-government systems are protected in the future as well.
- Mitigating Multiple DDoS Attack Vectors It's time to rethink and refine the enterprise security architecture, so organizations can remain agile and resilient against future threats. Download this infographic...
- EndPoint Interactive eGuide In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- Reducing the cost and complexity of endpoint management IBM now offers simpler, more affordable solutions for improving endpoint security, patch compliance, lifecycle management and power management within midsized organizations. Read this...
- Mission Critical: Managing Mobile Applications & Content Smartphones, tablets and other mobile devices have become embedded in enterprise processes, thanks to the consumerization of IT and a new generation of...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Endpoint Security White Papers | Webcasts