What type of cybersecurity information does the government want?

U.S. government officials this week laid out exactly what type of information they want to be able to collect in order to defend banks, utilities, transportation companies and other "critical infrastructure" providers against cyber attacks. Given the heated opposition to several proposed cybersecurity laws over concerns that the government would access private data online, Killer ...

DoD, Glenn Fawcett
DoD, Glenn Fawcett
DoD, Glenn Fawcett

U.S. government officials this week laid out exactly what type of information they want to be able to collect in order to defend banks, utilities, transportation companies and other "critical infrastructure" providers against cyber attacks.

Given the heated opposition to several proposed cybersecurity laws over concerns that the government would access private data online, Killer Apps thought it would be useful to have the people involved at the highest levels of crafting and, potentially implementing, cybersecurity laws or regulations on the record as to precisely what type of information the government wants.

Both lawmakers and Defense Department officials insist that the government is only interested in looking at digital signatures that indicate the presence of malicious code, not information about people's identities of private lives.

U.S. government officials this week laid out exactly what type of information they want to be able to collect in order to defend banks, utilities, transportation companies and other "critical infrastructure" providers against cyber attacks.

Given the heated opposition to several proposed cybersecurity laws over concerns that the government would access private data online, Killer Apps thought it would be useful to have the people involved at the highest levels of crafting and, potentially implementing, cybersecurity laws or regulations on the record as to precisely what type of information the government wants.

Both lawmakers and Defense Department officials insist that the government is only interested in looking at digital signatures that indicate the presence of malicious code, not information about people’s identities of private lives.

"The so called digital signatures that we’re talking about here are ones and zeros in various patterns, they aren’t the contents of emails, they are being used to identify dangerous malware or attacks that are coming into the system," said Sen. Susan Collins (R-Maine) yesterday during a panel discussion on cybersecurity at the Wilson Center in Washington. Collins along with Sen. Joe Lieberman (I-Ct) co-sponsored last summer’s failed Cybersecurity Act of 2012. "Our bill specifically makes sure that any information the private sector gives to the government related to cybersecurity is, and this is a horrible word for it, but it’s something like anonymized."

This means that any information that "would help you identify the individual would not be transmitted" to the government, added Collins.

Gen. Keith Alexander (shown above), commander of both the National Security Agency and U.S. Cyber Command elaborated on this, saying that even in cases when a private citizen’s email has been hijacked for malicious purposes, the government will not be looking at the content of their emails (as long as these messages are being sent by an American citizen within the United States, anyway).

"We’re arguing over a bad guy putting something in your email, sending it to somebody else to do something to him that you didn’t know was going on, so ironically, both of you want to know that  that’s occurring," said Alexander during the same panel. "What happens is, the machines can [automatically] see signatures, they can see those go by and" send out an alert that a bad signature has been spotted.

"There is nothing about the traffic or the communications that the government will get," said Alexander. And by nothing, the general meant "no content."

"If signature A goes by, all the government needs to know — DHS, FBI, NSA and Cyber Command — is that an event occurred, we don’t need to know anything more about the communications than A occurred" and that the signature went "from one point to another."

Alexander went on to reiterate his endorsement of a civilian agency such as the Department of Homeland Security having the lead on protecting critical infrastructure from an attack due to the fact that civilian agencies are easier to keep an eye on than the military is with its culture of intense secrecy.

"The reason I really believe that DHS is in there is so that you all know that we’re [the government] doing this right, it’s transparent," said Alexander. "You want us [the military] to defend the country against an attack, you don’t want us to be in the middle over here, operating in the country, trying to stop this thing or trying to set something up with industry when we should be defending the nation [from external attack], I would rather be defending the nation."

John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.

More from Foreign Policy

An illustration shows George Kennan, the father of Cold War containment strategy.
An illustration shows George Kennan, the father of Cold War containment strategy.

Is Cold War Inevitable?

A new biography of George Kennan, the father of containment, raises questions about whether the old Cold War—and the emerging one with China—could have been avoided.

U.S. President Joe Biden speaks on the DISCLOSE Act.
U.S. President Joe Biden speaks on the DISCLOSE Act.

So You Want to Buy an Ambassadorship

The United States is the only Western government that routinely rewards mega-donors with top diplomatic posts.

Chinese President Xi jinping  toasts the guests during a banquet marking the 70th anniversary of the founding of the People's Republic of China on September 30, 2019 in Beijing, China.
Chinese President Xi jinping toasts the guests during a banquet marking the 70th anniversary of the founding of the People's Republic of China on September 30, 2019 in Beijing, China.

Can China Pull Off Its Charm Offensive?

Why Beijing’s foreign-policy reset will—or won’t—work out.

Turkish Defense Minister Hulusi Akar chairs a meeting in Ankara, Turkey on Nov. 21, 2022.
Turkish Defense Minister Hulusi Akar chairs a meeting in Ankara, Turkey on Nov. 21, 2022.

Turkey’s Problem Isn’t Sweden. It’s the United States.

Erdogan has focused on Stockholm’s stance toward Kurdish exile groups, but Ankara’s real demand is the end of U.S. support for Kurds in Syria.