The Department of Homeland Security has authorized four companies to offer a network analysis service to their commercial and government clients as part of DHS’ Enhanced Cybersecurity Services voluntary information-sharing program.The NetFlow Analysis tool will work to help AT&T, CenturyLink, Lockheed Martin and Verizon identify and examine malicious activity in enterprise computer systems, Andy Ozment, DHS assistant secretary for cybersecurity and communications, wrote in a blog article published Jan. 26.
He said DHS-accredited commercial services providers use sensitive or classified threat information from the ECS program to prevent unauthorized access and data transfer to their clients’ networks.
CSPs also offer domain name service sinkholing and email filtering services through the program.
An updated ECS Privacy Impact Assessment document from the department’s privacy office says the network analysis platform is not meant to collect, store or use personally identifiable information, Ozment added.
Nextgov’s Aliya Sternstein reported Monday the DHS may provide anonymized cybersecurity metrics information to the National Institute for Standards and Technology, FBI and National Security Agency for program evaluation purposes.
Some civil liberties advocacy groups said the department’s new privacy impact assessment report contains a loophole for agencies such as NSA to monitor Internet users, Sternstein writes.
