WASHINGTON - The Obama administration is moving cautiously on a new pilot program that would both detect and stop cyber attacks against government computers, while trying to ensure citizen privacy protections.
The pilot program, known as Einstein 3, was supposed to launch in February. But the Department of Homeland Security is still pulling the plan together, according to senior administration officials.
Einstein 3 has triggered debate and privacy concerns because the program will use National Security Agency technology, which is already being employed on military networks.
Any involvement of the NSA -- the agency oversees electronic intelligence-gathering -- in protecting domestic computer networks worries privacy and civil liberties groups who oppose giving such control to U.S. spy agencies.
Officials, who spoke on condition of anonymity because the program is still being finalized, said that while the technology will come from the NSA, the program will be managed and run by the Department of Homeland Security. The monitoring would be limited to government systems and any Internet traffic moving in and out of them.
The latest developments in the Einstein 3 program were first reported Thursday on The Washington Post's Web site.
"The NSA will provide technical assistance," Homeland Security Secretary Janet Napolitano told reporters. "We absolutely intend to use the technical resources, the substantial ones that NSA has."
Einstein 1, which is currently in use by DHS, is an automated program designed to detect intrusions into government networks, and Einstein 2, which is now being put in place, is a more advanced system for detection. It is being used now by about five of the higher risk government agencies, one senior official said.
Einstein 3 would be designed to not only detect intrusions, but to stop them -- preventing any malicious computer codes from getting into government networks and stopping any data theft from those systems. The key, said officials, is that the focus of the monitoring and prevention program is not the content of e-mails, but any codes attached to e-mails that could infect the system or steal information.
Ari Schwartz, a vice president of the Center for Democracy and Technology, said Thursday that privacy advocates want to ensure that as the government begins to more aggressively protect its computer systems, it follows the law, and does not look into private systems.
"There are a number of concerns that come with this process, the main one being how do you go about protecting the system in a way that insures you're not monitoring private systems," said Schwartz. "I don't have a full answer to that question. But the president made that pledge. That makes me more comfortable that it won't happen."
The planned deployment of the new Einstein 3 program was noted in the administration's recently released cyber security review. The 60-day review said the government would continue to consult with privacy and civil liberties groups as the program moves forward.
Obama released the review saying that cyber threats are one of the most serious economic and national security challenges faced by the nation. And he said he will name a new cyber coordinator for the federal government.