Since The Washington Post first broke the news that the Obama administration is moving ahead with Einstein, a Bush-era plan to use National Security Agency assistance in screening government computer traffic on private-sector networks, the drum beat from privacy advocates has been growing.
Today, Siobham Gorman of The Wall Street Journal reports that the latest complete version of the system won’t be fully installed for 18 months, and even when it is, the system won’t protect networks from attack but will only trigger an alarm after one has happened:
A more capable version has sparked privacy alarms, which could delay its rollout. Since the National Security Agency acknowledged eavesdropping on phone and Internet traffic without warrants in 2005, security programs have been dogged by privacy concerns. In the case of Einstein, AT&T Corp., which would test the system, has sought written approval from the Justice Department before it would agree to participate, people familiar with the matter say.
A side bar describes the three phases of Einstein:
* Einstein 1: Monitors Internet traffic flowing in and out of federal civilian networks. Detects abnormalities that might be cyber attacks. Is unable to block attacks.
* Einstein 2: In addition to looking for abnormalities, detects viruses and other indicators of attacks based on signatures of known incidents, and alerts analysts immediately. Also can’t block attacks.
* Einstein 3: Under development. Based on technology developed for a National Security Agency program called Tutelage, it detects and deflects security breaches. Its filtering technology can read the content of email and other communications.
The Associated Press notes that the planned deployment of the new Einstein 3 program was noted in the administration’s recently released cyber security review.