Official says Einstein security system won't read e-mails
Although a sophisticated system called Einstein 3 is in development to detect and prevent electronic attacks on federal civilian networks, a senior Homeland Security official gave assurances Wednesday that the department has no intention of reading contents of e-mails or other communications.
Instead, the department wants to have the system determine whether electronic communications entering the networks contain viruses or other attack signatures, the official said.
Einstein 3 is expected to deal solely with federal civilian networks. The Defense Department is responsible for protecting military networks.
But so far, Homeland Security officials have provided little information publicly about the reach of Einstein 3, stoking concerns by privacy and civil rights groups that the government might ultimately intend to read and store the contents of electronic communications produced by U.S. citizens.
"The intention is not to look at the contents of e-mail," Phil Reitinger, deputy undersecretary for the department's National Protection and Programs Directorate, said in an interview with reporters.
"The intention is to look for attack signatures; things that indicate an attack. So, for example, if a virus is coming in you would want to see the pattern of bits that indicates a virus or worm is coming in," Reitinger said. "You are looking for specific indicators of attack, not the contents of people's e-mail."
"We use automated signature analysis," he added. "No person would look at any particular piece of data unless a signature was matched and indicated that an attack was in progress."
Reitinger accompanied Homeland Security Secretary Napolitano in a media roundtable intended to help raise awareness about cybersecurity. Reitinger said the "general level" of attacks against U.S. government networks is going up.
"Our risk profile continues to go up for a number of reasons," he said. "We're tying more and more systems together in more and more different ways and we're depending upon them more and more every day. And that means in sum that it's harder for us to secure that overall ecosystem and help protect national and homeland security."
But he said the government continues to struggle with identifying the origin of attacks. He declined to discuss attacks that might be coming from foreign governments, such as China and Russia, or international criminal gangs.
Homeland Security has launched an exercise using data from AT&T and technology developed by the National Security Agency and other agencies to help develop Einstein 3.
"Exactly what Einstein 3 will be -- and the technology to be used -- is still, I think, in a to-be-tested-and-determined state," Reitinger said. "But Einstein 3 is an intrusion prevention system that is supposed to move beyond simply detecting intrusions after they've taken place [to] preventing them from occurring."
Napolitano said the department is not seeking any legislative changes by Congress to aid cybersecurity efforts. She said her department is focusing on ensuring good information sharing and getting protective measures out for the domains it is primarily responsible for securing.
She also decried the use of the word "czar" to describe the position of a cybersecurity adviser that President Obama intends to pick. "I think it has become overused and more and more inaccurate as a form of journalistic shorthand," she said of the word.
"What the White House is going to be identifying is a coordinator," Napolitano said. "And the reason there will be a coordinator is because you have a huge universe of issues -- cyber -- that has now been divided up in terms of who has operational responsibility, primarily between DOD and DHS ... and there are other agencies as well that obviously have roles to play."