House lawmakers yesterday raised concerns about the privacy implications of a Bush administration effort to secure federal computer networks from hackers and foreign adversaries, as new details emerged about the largely classified program.
The aim of the project, known as the "cyber initiative," is to cut the number of connections between federal agency networks and the Internet. More than half of all agencies have deployed the Department of Homeland Secury's program.
But administration officials have not notified the agencies how far monitoring would go, and whether oversight would extend to networks operated by state, local, and private sector entities, including government defense contractors.
A more real-time scrutiny of federal data flows is necessary because "our adversaries are very adept at hiding their attacks in normal everyday traffic," DHS Undersecretary Robert Jamison told the House Homeland Security Committee. He added that DHS is developing a privacy impact assessment on the new capabilities, which will be open to public review upon completion.
Some Democrats on the oversight panel were not assuaged by the administration's testimony. Rep. Bob Etheridge (D-N.C.), said he remained concerned about the program's impact on the privacy of his constituents.
But Jim Lewis, director of the technology arm of the Center for Strategic and International Stidies, called the privacy concerns premature and overblown.
"There's a big difference between intercepting and reading e-mail and reacting to suspicious traffic going across your network," said Lewis, whose employer is working with Congress and the private sector on a set of cyber security policy recommendations for the next president.