November 25, 2014
According to a NextGov report, the U.S. Government is preparing to delete government-wide Internet surveillance records that are over three years old.
The U.S. Department of Homeland Security will delete the records from its information security program code-named “Einstein” because of the “quickly diminishing value for most of the data collected pursuant to intrusion detection, prevention and analysis,” according to the department’s rationale. DHS argues that a three-year retention period is sufficient and that records have no value beyond that point.
While the National Archives and Records Administration has tentatively approved the disposal plan, pending a public comment period, private-sector security firms are critical of the plan. The non-profit SANS Technology Institute, which monitors information security issues on the Web, says it retains data for over 12 years in order to identify historical trends.
Johannes Ullrich, Dean of Research at the SANS Technology Institute, told NextGov: “The Einstein data would likely be a goldmine for researchers, as it documents attacks against very specific networks in a consistent way over a large extent of time.”
SANS believes that the government data should be stored for a longer period and that such an objective could be inexpensively achieved using cloud-based storage. “Einstein” data is mainly composed of server log files that identify baseline Internet traffic patterns, configuration problems, unauthorized network traffic, network back doors, routing anomalies, and network scanning activities.
The data generated by the DHS-operated “Einstein” program is the result of automated processes that collect, correlate, analyze, and share computer security information across U.S. federal civilian agencies.
By collecting information from participating federal government agencies, “Einstein” builds and enhances cyber-related situational awareness. The belief is that awareness can assist with identifying and responding to cyber threats and attacks, improve the government’s network security, increase the resiliency of critical, electronically delivered government services, and enhance the survivability of the Internet.
The program provides federal civilian agencies with a capability to detect behavioral anomalies within their networks. Analyzing the data and detecting these anomalies is believed to greatly increase the ability to detect new exploits and attacks in cyberspace.
While a select number of civil liberties advocates support the action to expunge data that contains the metadata of individual citizens, others believe eliminating the data will present an accountability challenge for government auditors.