Joseph Menn and Deborah Charles
Posted: March 21, 2013
The U.S. government is expanding a cybersecurity program that scans Internet traffic headed into and out of defense contractors to include far more of the country’s private, civilian-run infrastructure.
As a result, more private sector employees than ever before, including those at big banks, utilities and key transportation companies, will have their emails and Web surfing scanned as a precaution against cyber attacks.
Under last month’s White House executive order on cybersecurity, the scans will be driven by classified information provided by U.S. intelligence agencies — including data from the National Security Agency (NSA) — on new or especially serious espionage threats and other hacking attempts. U.S. spy chiefs said on March 12 that cyber attacks have supplanted terrorism as the top threat to the country.
The Department of Homeland Security will gather the secret data and pass it to a small group of telecommunication companies and cyber security providers that have employees holding security clearances, government and industry officials said. Those companies will then offer to process email and other Internet transmissions for critical infrastructure customers that choose to participate in the program.
DHS as the middleman
By using DHS as the middleman, the Obama administration hopes to bring the formidable overseas intelligence-gathering of the NSA closer to ordinary U.S. residents without triggering an outcry from privacy advocates who have long been leery of the spy agency’s eavesdropping.
The telecom companies will not report back to the government on what they see, except in aggregate statistics, a senior DHS official said in an interview granted on condition he not be identified.
“That allows us to provide more sensitive information,” the official said. “We will provide the information to the security service providers that they need to perform this function.” Procedures are to be established within six months of the order.
The administration is separately seeking legislation that would give incentives to private companies, including communications carriers, to disclose more to the government. NSA Director General Keith Alexander said last week that NSA did not want personal data but Internet service providers could inform the government about malicious software they find and the Internet Protocol addresses they were sent to and from.
“There is a way to do this that ensures civil liberties and privacy and does ensure the protection of the country,” Alexander told a congressional hearing.
Fears grow of destructive attack
In the past, Internet traffic-scanning efforts were mainly limited to government networks and Defense Department contractors, which have long been targets of foreign espionage.
But as fears grew of a destructive cyber attack on core, non-military assets, and more sweeping security legislation remained stalled, the Obama administration opted to widen the program.
Last month’s presidential order calls for commercial providers of “enhanced cybersecurity services” to extend their offerings to critical infrastructure companies. What constitutes critical infrastructure is still being refined, but it would include utilities, banks and transportation such as trains and highways.
Under the program, critical infrastructure companies will pay the providers, which will use the classified information to block attacks before they reach the customers. The classified information involves suspect Web addresses, strings of characters, email sender names and the like.
Not all the cybersecurity providers will be telecom companies, though AT&T is one. Raytheon said this month it had agreed with DHS to become a provider, and a spokesman said that customers could route their traffic to Raytheon after receiving it from their communications company.
As the new set-up takes shape, DHS officials and industry executives said some security equipment makers were working on hardware that could take classified rules about blocking traffic and act on them without the operator being able to reverse-engineer the codes. That way, people wouldn’t need a security clearance to use the equipment.
Civil liberties implications
The issue of scanning everything headed to a utility or a bank still has civil liberties implications, even if each company is a voluntary participant.
Lee Tien, a senior staff attorney with the nonprofit Electronic Frontier Foundation, said that the executive order did not weaken existing privacy laws, but any time a machine acting on classified information is processing private communications, it raises questions about the possibility of secret extra functions that are unlikely to be answered definitively.
“You have to wonder what else that box does,” Tien said.
One technique for examining email and other electronic packets en route, called deep packet inspection, has stirred controversy for years, and some cybersecurity providers said they would not be using that. In deep packet inspection, communication companies or others with network access can examine all the elements of a transmission, including the content of emails.
“The signatures provided by DHS do not require deep packet inspection,” said Steve Hawkins, vice president at Raytheon’s Intelligence and Information Systems division, referring further questions to DHS.
The DHS official said the government is still in conversations with the telecom operators on the issue.
The official said the government had no plans to roll out any such form of government-guided close examination of Internet traffic into the communications companies serving the general public.
Copyright 2013 Thomson Reuters.
Posted Sep 2nd 2011 at 1:29 pm
It’s funny what a million dollars in political contributions, support for the right candidate and a liberal meme can buy you in Washington these days. For Google, it is buying them a free pass as they amass growing power in Washington and the marketplace.
AT&T, while unionized, does not have the same liberal bent as Google. They are more a traditional Beltway player. OpenSecrets.org describes their strategy this way: “Although the company has historically favored Republicans in its political giving, people and political action committees associated with AT&T have as of late generally split their contributions between Democrats and the GOP.”
Recently both Google and AT&T made strategic acquisitions. How they were treated by the politicized Department of Justice makes an interesting statement.
FoxNews.com – Space.com
By Clara Moskowitz
Published September 01, 2011
ESA – This graphic depicts the trackable objects, satellites and space junk, in orbit around Earth.
There is so much junk in space that collisions could start to increase exponentially, leading to a continuously growing pile of rubble in orbit, a new report warns.
The independent report, released today (Sept. 1), surveyed NASA’s work to meet the threat of space debris. It was sponsored by NASA, and conducted by the National Research Council, a nonprofit science policy organization.
By Blake Snow
Published September 14, 2010
Intel is investigating reports that the main copy protection on HDTV broadcasts has been cracked. Will broadcasters wave the white flag or fight to shore up content-protection?
Much to the chagrin of the entertainment industry, the encryption that protects most high-definition video content may have just been cracked.
Intel Corp. officials confirmed Tuesday to FoxNews.com an investigation into a security breach, possibly a fundamental compromise of High-bandwidth Digital Content Protection (HDCP) — the digital rights management software that governs every device that plays high-def content.
HDCP is the main means of encoding and protecting HDTV broadcasts, Blu-ray players, set-top boxes and more, and reports Tuesday suggested that a hole in the security scheme had been uncovered. Representatives from Intel, which invented the specification, acknowledged that they were investigating the security breach.
“We’re familiar with the rumors that are out there on the alleged HDCP compromise and are currently investigating it,” Intel officials told Fox News. “We have so far been unable to verify. So at this point, any alleged hack is speculative and rumor.”
Stephen Balogh, a business development manager at Intel and president of Digital Content Protection LLC — the group that oversees licensing of the HDCP specification — confirmed that the group is investigating the breach. Were the hack eventually verified, “it would represent a free-for-all on a ton of content currently protected by HDCP,” wrote one technology enthusiast website.
Most commonly found in Blu-ray players, set-top boxes, and many high-definition displays, HDCP prevents the copying of audio and video content as it travels across the cables that connect HD devices. It’s required to send a video across the thin, flat HDMI cables that link most new flat-panel TVs to gaming systems, Blu-ray players, or whatever.
According to computing experts, the hack unlocks protected content by providing a “master key,” which could be used to strip that encryption from, say, the link between your cable box and your DVR. Without those restrictions, a nefarious user could make unlimited copies — rendering the copy-protection software useless.
The potential for such a hack has been theorized for years; in 2001, researchers warned of a possible loophole in HDCP, possibly similar to what was used in this hack.
HDCP has been used by Apple’s iTunes for nearly two years, said tech-news site Betanews. Since some purchased movies will not play back on incompatible displays, however, the protection software has proved frustrating for some law-abiding consumers.
But even if the HDCP crack were authenticated, it would hardly signal the end of digital rights management or the philosophy behind it. After all, HDCP is just one of many such solutions — albeit the most popular one. That didn’t stop content pirates and others who share media illegally from thrilling at the news on message boards and forums. If the security were broken, the quality of illegal movie and TV downloads might have just gotten a whole lot better, they reasoned.
Not all technology enthusiasts were giddy about the news, however. One comment on the popular blog Engadget summed up the other side of the story.
“Stupid pirates celebrate when something like this happens, and then whine when the effects of this involve stronger DRM protection, and higher DVD and movie ticket prices. How about instead of breaking the law, you go buy and support the millions of employees who work hard to create this stuff?”