Ellen Nakashima reports on a partnership between the NSA, defense contractors, and their Internet service providers to find hackers before they hack.
The National Security Agency is working with Internet service providers to deploy a new generation of tools to scan e-mail and other digital traffic with the goal of thwarting cyberattacks against defense firms by foreign adversaries, senior defense and industry officials say.
Officials say the pilot program does not involve direct monitoring of the contractors’ networks by the government. The program uses NSA-developed “signatures,” or fingerprints of malicious code, and sequences of suspicious network behavior to filter the Internet traffic flowing to major defense contractors. That allows the Internet providers to disable the threats before an attack can penetrate a contractor’s servers. The trial is testing two particular sets of signatures and behavior patterns that the NSA has detected as threats.
The Internet carriers are AT&T, Verizon and CenturyLink. Together they are seeking to filter the traffic of 15 defense contractors, including Lockheed, Falls Church-based CSC, McLean-based SAIC and Northrop Grumman, which is moving its headquarters to Falls Church. The contractors have the option, but not the obligation, to report the success rate to the NSA’s Threat Operations Center.
From a technical standpoint, this is probably a better way to find hackers than waiting until they steal your data. But of course, it raises all sorts of privacy issues.
But for all the generalized concerns I have about it, I kept thinking of HBGary when I read this story. After all, the NSA is surely working with contractors on their own side of this. And threat detection like this is precisely the kind of thing HBGary did, before they started pitching the Chamber of Commerce to spy on activists.
So who are the other contractors involved in this, and what else are they doing with the technology?