In my Predictions for 2008 I wrote "Expect greater military involvement in defending private sector networks." About one year ago I wrote "NSA to 'Screen' .gov Now, I Predict .com Later." Now, thanks to a new article by Noah Shachtman titled "Cyber Command: We Don’t Wanna Defend the Internet (We Just Might Have To)," we read the following:
At a gathering this week of top cybersecurity officials and defense contractors, the Pentagon’s number two floated the idea that the Defense Department might start a protective program for civilian networks...
“I think it’s gonna have to be voluntary,” he added. “People could opt into protection – or choose to stay out. Individual users may well choose to stay out. But in terms of protecting the nation’s security, it’s not the individual users [that matter most]. I mean, they have to worry about their individual [data], their credit rating, and all that. But it’s the vulnerability of certain critical infrastructure – power, transportation, finance. This starts to give you an angle at doing that.”
How? Kim Zetter's article "Pentagon: Let Us Secure Your Network or Face the ‘Wild Wild West’ Internet Alone" explains:
Defense Deputy Secretary William Lynn III, speaking at the Strategic Command Cyber Symposium in Nebraska, said we need to think imaginatively about how to use the National Security Agency’s Einstein monitoring systems on critical private-sector networks — such as those in the financial, utility and communication industries — in order to protect us.
“Operators of critical infrastructure could opt in to a government-sponsored security regime,” Lynn said. Otherwise, “individual users who do not want to enroll could stay in the wild wild west of the unprotected internet.”
I've written about Einstein before. However, I am dismayed to continue reading commentary like the following by Secretary Lynn:
“You’re starting to anticipate intrusions, anticipate threat signatures, and try and preventing things from getting to the firewalls rather than just stopping at the firewalls.”
Please. I've been hearing these sorts of ideas since the late 1990s, and no one can do it. As long as the adversary maintains the initiative and operational security, no defender is going to "anticipate intrusions," or "anticipate threat signatures."
Still, I expect Einstein to start appearing on private networks, probably in 2011. I doubt that, when it happens, anyone will be able to talk about it, due to some kind of legal construct the government will devise and CIOs will adhere to.