The question is how to set up such a system.
After the 2013 revelation of former intelligence contractor Edward J. Snowden sparked controversy over government oversight, US tech companies are wary of the emergence of sharing data with other US intelligence agency, even if that data is just a warning about malware. Google was provoked by revelations in Snowden documents that the National Security Agency is intercepting data from being transferred between its servers overseas. A few years later, under pressure from employees, it ended its participation in Project Maven, a Pentagon effort to use artificial intelligence to make its own drone. more accurate.
In contrast, Amazon makes no such speculations about sensitive government work: It runs the CIA’s cloud server operations. But when the Senate Intelligence Committee asks company officials to testify. Last month – along with the executives at FireEye, Microsoft and SolarWinds – about how the Russians exploited systems on American soil to launch their attacks, they declined to attend.
Companies say that before they share vulnerabilities, they will need strong liability protections in place.
The most plausible political headquarters for such a clearing agency – avoiding concerns about civil liberties and legal rights when using the National Security Agency – would be the Cybersecurity Authority and the Institution. infrastructure of the Department of Homeland Security. Gerstell describes the idea as “automated computer sensors and artificial intelligence that operate on information when it arrives and immediately spit it out.”
The ministry’s existing “Einstein” system, which is supposed to monitor for intrusions and potential attacks on federal agencies, has never seen a Russian attack carried out – although it did. attacked 9 ministries and federal agencies. The FBI, lawmakers say, is incapable of broad surveillance and its focus is divided into other forms of crime, counterterrorism and now threats to extremism in the country.
“I don’t want intelligence agencies to track Americans, but that makes the FBI the de facto domestic intelligence agency dealing with these types of attacks,” said Sen. Angus King, a single person. established in Maine, member of the Senate Intelligence Committee and co-chair of the cyberspace commission. “I’m just not sure they’ve set up for this.”
There are other obstacles. Gerstell said the process of receiving a search warrant is too complex to track cyber attacks between countries and states. “Someone must be able to get that information from the NSA and immediately look at that computer,” he said. “But the FBI needed a warrant to do it, and it took time for the enemy to escape.”