To better secure unclassified information stored in the computer networks of government contractors, the Defense Department is asking whether the National Security Agency should begin to monitor select corporate domains, several officials and consultants briefed on the matter said. Under the proposal, which is being informally circulated throughout the department and DHS, the NSA could set up equipment to look for patterns of suspicious traffic at the Internet service providers that the companies’ networks run through. NSA would immediately notify the Pentagon and the companies if pernicious behavior were detected. The agency would not directly monitor the content of the data streams, only its meta-data. (A Pentagon spokesperson called later to clarify that it would not be legal for the NSA to “monitor” private networks; rather, “DoD and NSA are seeking to provide technical advice, expertise and information to the defense industrial base.”) The proposal originated in the Office of the Secretary of Defense. Because of the sensitivity associated with NSA Internet surveillance and capabilities, the fact of the exploratory tasker, as it is known in Pentagon parlance, and details associated with it are being closely held. The new program would apply to the companies that make up the Defense Industrial Base (DIB) and only to the parts of those companies that indigenously store and use sensitive information. As the Department reconfigures its network defenses and the internal structure of its information operation, it continues to deal with a large number of aggressive hacker attacks and data penetrations. Classified information is not supposed to be stored on any subdomain that is accessible to outside computer networks.

Comments? Email