WASHINGTON — The Obama administration will proceed with a Bush-era plan to use National Security Agency assistance in screening government computer traffic on private-sector networks, with AT&T as the likely test site, according to three current and former government officials.
President Barack Obama said in May that government efforts to protect computer systems from attack would not involve "monitoring private-sector networks or Internet traffic," and Department of Homeland Security officials say that the new program will only scrutinize data going to or from government systems.
But the program has provoked debate within Homeland Security, the current and former officials said, because of uncertainty over whether private data can be shielded from unauthorized scrutiny, how much of a role the National Security Agency should play and whether the agency's involvement in wiretapping without warrants under the Bush administration would draw controversy.
"We absolutely intend to use the technical resources, the substantial ones, that NSA has. But ... they will be guided, led, and in a sense directed by the people we have at the Department of Homeland Security," the department's secretary, Janet Napolitano, told reporters in a discussion of cybersecurity efforts.
Under a classified pilot program approved during the Bush administration, National Security Agency data and hardware would be used to protect the networks of some civilian government agencies. Part of an initiative known as Einstein 3, the pilot called for telecommunications companies to route the Internet traffic of civilian government agencies through a monitoring box that would search for and block malicious computer codes.
AT&T, the world's largest telecommunications firm, was the Bush administration's choice to participate in the test, which has been delayed for months as the Obama administration determines what elements of the Bush plan to preserve, former government officials said. The pilot was to have been launched in February.
"To be clear, Einstein 3 development is proceeding," Homeland Security spokesman Amy Kudwa said. "We are moving forward in a way that protects privacy and civil liberties."
AT&T officials declined to comment.
The program is the most contentious element of the $17 billion cyber-security initiative that the Bush administration launched in January 2008. Einstein 3 is crucial, advocates say, in an era in which hackers have compromised computer systems at the Commerce and State departments, and have siphoned off sensitive military jetdata from a defense contractor.
The internal controversy reflects the central tension in the debate over how best to defend the nation's mostly private system of computer networks. The most effective techniques, experts say, require the automated scrutiny of e-mail and other electronic communications content - something that commercial providers already do.
Proponents of government involvement said such efforts should harness the NSA's resources, especially its database of computer codes, or signatures, that have been linked to cyber-attacks or known adversaries. The NSA has compiled the cache by, for example, electronically observing hackers trying to gain access to U.S. military systems, the officials said.
"That's the secret sauce," one official said. "It's the stuff they have that the private sector doesn't."
But the prospect of National Security Agency involvement in cyber-security fuels concerns of unwarranted government snooping into private communications.
"The bitter battles over privacy and NSA's role in domestic wiretapping hang over cybersecurity like a toxic cloud," said Stewart Baker, assistant secretary of homeland security during the Bush administration.
Information for this article was contributed by Spencer H. Hsu and Carrie Johnson of The Washington Post.
Front Section, Pages 2 on 07/03/2009