By Marc Ambinder
Aug 13 2010
To better secure unclassified information stored in the computer
networks of government contractors, the Defense Department is asking
whether the National Security Agency should begin to monitor select
corporate dot.com domains, several officials and consultants briefed on
the matter said.
Under the proposal, which is being informally circulated throughout the
department and the Department of Homeland Security, the NSA could set up
equipment to look for patterns of suspicious traffic at the internet
service providers that the companies' networks run through. The agency
would immediately notify the Pentagon and the companies if pernicious
behavior were detected. The Agency would not directly monitor the
content of the data streams, only its meta-data. (A Pentagon
spokesperson called later to clarify that it would not be legal for the
NSA to "monitor" private networks; rather, "DoD and NSA are seeking to
provide technical advice, expertise and information to the defense
The proposal originated in the Office of the Secretary of Defense.
Because of the sensitivity associated with NSA internet surveillance and
capabilities, the fact of the exploratory tasker, as it is known in
Pentagon parlance, and details associated with it are being closely
The new program would apply to the companies that make up the Defense
Industrial Base (DIB) and only to the parts of those companies that
indigenously store and use sensitive information. As the Department
reconfigures its network defenses and the internal structure of its
information operation, it continues to deal with a large number of
aggressive hacker attacks and data penetrations. Classified information
is not supposed to be stored on any dot.mil subdomain that is accessible
to outside computer networks.
Visit InfoSec News!