DHS' new intrusion detection and prevention system raises security concerns

Cyberthreats are the new way of slowly removing citizens' privacy, and now the Department of Homeland Security (DHS) is preparing to deploy a very powerful new version of their EINSTEIN intrusion-detection system that is built to detect attacks and malware, especially when it comes to e-mail.

But because this new version of EINSTEIN is able to read electronic content, it is raising privacy concerns. DHS has recognized this, and have just issued a "privacy impact assessment" on what they're calling EINSTEIN 3 Accelerated, the intrusion detection and prevention system that is expected to be made available as a managed security service from ISPs to monitor the ".gov" traffic to and from civilian agencies and Executive Branch departments.

The DHS has said that EINSTEIN 3 might be able to collect "personally identifiable information" (PII) in some instances where this network security system will not just monitor but also prevent threats by clocking traffic in order to detect a cyberthreat or potential cyberthreat.

EINSTEIN 3 will include packet-inspection tools that "allow an analyst to look at the content of the threat data, which enables a more comprehensive analysis. Packet capture may contain information that could be considered PII-like malicious data from or associated with email messages or attachments".

In their privacy-impact statement, the DHS acknowledges EINSTEIN 3's threat-prevention capabilities, stating that it "may include deep-packet inspection by ISPs. DHS will approve indicators to be transferred to ISPs for deployment in E3A to ensure that indicators are specific to a particular type of traffic and are not overly broad in their data collection requirements".

The story is quite long, and we definitely suggest taking a look at it, at Network World.