Businesses Could Use U.S. Cyber Monitoring System

A U.S. government computer security system that can detect and prevent cyber attacks should be extended to private businesses that operate critical utilities and financial service, says an AP report.

William J. Lynn III, the deputy defense secretary, said discussions are in the very early stages and participation in the program would be voluntary. The idea, he said, would allow businesses to take advantage of the Einstein 2 and Einstein 3 defensive technologies that are being developed to put in place on government computer networks, the report says.

Extending the program to the private sector raises a myriad of legal, policy and privacy questions, including how it would work and what information if any companies would share with the government about any attacks or intrusions they detect, the report says. Businesses that opt not the participate could "stay in the wild, wild west of the unprotected Internet," Lynn told a small group of reporters during a cybersecurity conference. And in the case of Einstein 2, an automated system that monitors federal Internet and e-mail traffic for malicious activity, companies already may have equal or superior protections on their networks, the report says.

"Einstein 2 is in place in at least 11 of the 21 government agencies that police their own networks. The other 89 federal agencies will go through one of four major technology contractors for the Einstein monitoring. Einstein 3 is currently in a trial phase. Managed and run by the Homeland Security Department, the two systems have triggered debate over whether they violate privacy. But the Justice Department concluded last year that it doesn't violate the rights of either the federal employees or the private citizens who communicate with them," Lynn said.

The Pentagon's creation of U.S. Cyber Command will help the Defense Department protect its networks and enable it to better assist other federal agencies when they are hit with a cyber attack, the report said.

The new Cyber Command will be based at Fort Meade, Md., and it will report to the Strategic Command in Omaha. U.S. computer networks face persistent attacks, including complex criminal schemes, suspected cyber espionage by other nations such as China, and possible terrorist probes seeking vulnerable systems or sensitive information.

Lynn said the Pentagon is setting up a task force to find ways the massive agency can buy information technology programs and equipment more quickly. He said that while it takes the Defense Department as much as 81 months to fund and develop a new program, it only took Apple 24 months to develop the iPhone.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.