As part of its plan to better protect federal computer networks from cyber threats, the Department of Homeland Security (DHS) a month ago awarded the telecommunications firm CenturyLink [CTL] a contract to begin monitoring the Internet traffic of its government customers to detect and prevent malicious cyber attacks against those networks, a department official said yesterday.
The award to CenturyLink was made as part of the Einstein 3 Accelerated (E3A) program, Roberta Stempfley, acting assistant secretary for the Office of Cyber Security and Communications within the DHS National Protection and Programs Directorate, told the House Homeland Security Cybersecurity Subcommittee. DHS is also in negotiations with four other Internet Service Providers (ISPs) that service the federal government to provide the same network protection services, she said.
The E3A program will deliver cyber “intrusion prevention capabilities as a Managed Security Service provided by Internet Service Providers,” DHS said in a Privacy Impact Assessment it issued for the program in April. “Under the direction of DHS, ISPs will administer intrusion prevention and threat-based decision-making on network traffic entering and leaving participating federal civilian Executive Branch agency networks.”
Stempfley said that CenturyLink will be providing the E3A services to its customers, while the other ISPs with which the department is negotiating contracts will provide those cyber services to their federal customers.
The E3 program was originally a DHS effort to provide classified capabilities to the ISPs, but under the accelerated version of the program, which began a year ago, DHS is taking “advantage of the innovation that the ISPs can provide into this environment” as they “are most knowledgeable of their own infrastructure,” Stempfley said.
Einstein 3 is part of the National Cybersecurity Protection System begun by DHS in 2008 to protect federal civilian government computer networks from known or suspected cyber attacks. Earlier deployments of Einstein, versions 1 and 2, analyzed network flow records and provided detection and alerts of known and suspected cyber threats.
Under E3A, DHS is on schedule to achieve final operational capability of the intrusion prevention capability by the end of 2015 versus the original 2018 schedule, Stempfley said. Moreover, the life-cycle cost of the deployment is the same, she added.
According to the April PIA, the E3A program initially will use two cyber threat countermeasures in protecting federal networks: Domain Name Server (DNS) sinkholing capability and email filtering.
DNS sinkholing allows DHS to block malware on federal networks from communicating with known or suspected malicious Internet domains, while the email filtering permits the department to scan email sent to federal civilian networks for malicious attachments and other malware.