Security Magazine

U.S. Casts Wider Cybersecurity Net

March 21, 2013

The U.S. government is expanding a cybersecurity program that includes big banks, utilities and key transportation companies having emails and Web surfing scanned as a protection against cyber attacks.

Under last month's White House executive order on cybersecurity, said Reuters, the scans will be driven by classified information provided by U.S. intelligence agencies - including data from the National Security Agency (NSA) - on new or especially serious espionage threats and other hacking attempts. 

"The Department of Homeland Security will gather the secret data and pass it to a small group of telecommunication companies and cybersecurity providers that have employees holding security clearances," Reuters said. Those companies will then offer to process email and other Internet transmissions for critical infrastructure customers that choose to participate in the program.

The telecom companies will not report back to the government on what they see, except in aggregate statistics, a senior DHS official said in an interview granted on condition he not be identified, said Reuters.

"That allows us to provide more sensitive information," the official said. "We will provide the information to the security service providers that they need to perform this function." Procedures are to be established within six months of the order.

In the past, Internet traffic-scanning efforts were mainly limited to government networks and Defense Department contractors, which have long been targets of foreign espionage. But as fears grow of a destructive cyber attack on core, non-military assets, and more sweeping security legislation remained stalled, the Obama administration opted to widen the program, said Reuters.

The Reuters report said the government had no plans to roll out any such form of government-guided close examination of Internet traffic into the communications companies serving the general public.