cryptogon.com

The directive, whose content is classified, authorizes the intelligence agencies, in particular the National Security Agency, to monitor the computer networks of all federal agencies — including ones they have not previously monitored.

Until now, the government’s efforts to protect itself from cyber-attacks — which run the gamut from hackers to organized crime to foreign governments trying to steal sensitive data — have been piecemeal. Under the new initiative, a task force headed by the Office of the Director of National Intelligence (ODNI) will coordinate efforts to identify the source of cyber-attacks against government computer systems. As part of that effort, the Department of Homeland Security will work to protect the systems and the Pentagon will devise strategies for counterattacks against the intruders.

There has been a string of attacks on networks at the State, Commerce, Defense and Homeland Security departments in the past year and a half. U.S. officials and cyber-security experts have said Chinese Web sites were involved in several of the biggest attacks back to 2005, including some at the country’s nuclear-energy labs and large defense contractors.

The NSA has particular expertise in monitoring a vast, complex array of communications systems — traditionally overseas. The prospect of aiming that power at domestic networks is raising concerns, just as the NSA’s role in the government’s warrantless domestic-surveillance program has been controversial.

“Agencies designed to gather intelligence on foreign entities should not be in charge of monitoring our computer systems here at home,” said Rep. Bennie Thompson (D-Miss.), chairman of the House Homeland Security Committee. Lawmakers with oversight of homeland security and intelligence matters say they have pressed the administration for months for details.

The classified joint directive, signed Jan. 8 and called the National Security Presidential Directive 54/Homeland Security Presidential Directive 23, has not been previously disclosed. Plans to expand the NSA’s role in cyber-security were reported in the Baltimore Sun in September.

According to congressional aides and former White House officials with knowledge of the program, the directive outlines measures collectively referred to as the “cyber initiative,” aimed at securing the government’s computer systems against attacks by foreign adversaries and other intruders. It will cost billions of dollars, which the White House is expected to request in its fiscal 2009 budget.

…

Under the initiative, the NSA, CIA and the FBI’s Cyber Division will investigate intrusions by monitoring Internet activity and, in some cases, capturing data for analysis, sources said.

The Pentagon can plan attacks on adversaries’ networks if, for example, the NSA determines that a particular server in a foreign country needs to be taken down to disrupt an attack on an information system critical to the U.S. government. That could include responding to an attack against a private-sector network, such as the telecom industry’s, sources said.

Also, as part of its attempt to defend government computer systems, the Department of Homeland Security will collect and monitor data on intrusions, deploy technologies for preventing attacks and encrypt data. It will also oversee the effort to reduce Internet portals across government to 50 from 2,000, to make it easier to detect attacks.

“The government has taken a solid step forward in trying to develop cyber-defenses,” said Paul B. Kurtz, a security consultant and former special adviser to the president on critical infrastructure protection. Kurtz said the initiative’s purpose is not to spy on Americans. “The thrust here is to protect networks.”

One of the key questions is whether it is necessary to read communications to investigate an intrusion.

Ed Giorgio, a former NSA analyst who is now a security consultant for ODNI, said, “If you’re looking inside a DoD system and you see data flows going to China, that ought to set off a red flag. You don’t need to scan the content to determine that.”