NSA starts monitoring defence firms' internet traffic

UNCLE SAM'S DIGITAL WATCHDOG the National Security Agency (NSA) will be working with internet service providers (ISPs) to monitor network traffic to and from US defence firms.

The Washington Post is reporting that the NSA's traffic monitoring program began last month under a voluntary trial basis that gives ISPs the chance to identify possible malware threats to US defence firms against a NSA data set of known threats. The software scans network traffic including emails and other applications for malware threats.

At the moment the NSA and US ISPs AT&T, Verizon and Centurylink have decided to work together only on traffic flowing to and from defence companies such as Lockheed Martin, which was left exposed following the RSA SecureID hack last month. However US deputy defence Secretary William Lynn told journalists, "We hope the ... cyber pilot can be the beginning of something bigger," adding that it could serve as a model for other critical infrastructure networks such as the Department of Homeland Security.

Not surprisingly the NSA's traffic monitoring has got privacy advocates concerned, with James Dempsey, VP of public policy at the Center for Democracy and Technology saying, "We wouldn't want this to become a backdoor form of surveillance."

Officials said that the pilot program uses the signatures of malicious code to stop threats at a network level. The ISPs are trying to get 15 defence contractors, including Lockheed Martin and Northrop Grumman to sign up to the scheme.

Lynn tried to allay privacy fears by saying, "The US government will not be monitoring, intercepting or storing any private-sector communications. Rather, threat intelligence provided by the government is helping the companies themselves, or the internet service providers working on their behalf, to identify and stop malicious activity within their networks."

Although this network monitoring system can identify malware before it hits a computer, it would not prevent an attack on compromised security software such as RSA's that resulted in Lockheed Martin's network being compromised.

Officials for the program said that the system doesn't "directly filter traffic", though they wouldn't go into detail about what that meant. For instance, does directly filtering traffic mean deep packet inspection resulting in the diversion of traffic to a blackhole, or is it simply monitoring traffic patterns? The difference between the two is significant and has a considerable bearing on privacy.

Privacy advocates such as Dempsey will be hoping that the debut of a traffic monitoring system for defence firms is not a precursor to a more widespread roll-out on the public internet.

Then again, who is to say that the men in black aren't already taking a peek at all your packets in the US? We'd be more inclined to think that they have been doing so for a number of years already. µ