Although this NSA technology is more sophisticated than traditional anti-virus programs, it still can screen only for known threats. Developing detection and mitigation strategies for emerging new threats is more difficult.
The program also does not protect against insider threats or employees who deliberately leak material. Nor will it protect a network from penetration by hackers who have compromised security software, enabling them to log in as if they were legitimate users. That is what happened recently when security firm RSA’s SecurID tokens were compromised, enabling hackers to penetrate Lockheed Martin’s computers. Lockheed said no customer, program or employee personal data were compromised.
The pilot program has been at least a year in the making. Providers and companies were concerned that they would be vulnerable to lawsuits or other sanctions if they allowed the government to filter the traffic or shared network data with the government. The NSA, meanwhile, was concerned about the classified data getting into the hands of adversaries.