Following the release of a government audit report in late January that highlights shortcomings in a federal cyber security system, Homeland Security Secretary Jeh Johnson has directed his department to develop the capabilities to defend against unknown cyber attacks.
The Government Accountability Office (GAO) report says that the National Cybersecurity Protection System (NCPS), which is operationally called EINSTEIN, is useful in detecting and preventing cyber intrusions but still has limited capabilities. One of those limitations is the inability of EINSTEIN to detect and prevent attacks where the threat signature is unknown.
Responding to the report, Johnson issued a statement saying that “The EINSTEIN system is not a silver bullet. It does not stop all attacks, nor is it intended to do so. It is part of a broader array of defenses. Further, as GAO notes correctly, the current version of EINSTEIN only blocks cyber threats we know about. But EINSTEIN also provides a platform for new technologies to protect the government. I have therefore directed our team to research and build capabilities that will allow us to detect never-before seen attacks, leveraging the best of government and private sector technology and expertise.”
GAO says that the intrusion detection capabilities are the most developed of the system objectives of the NCPS, but warns that the system isn’t making use of publicly available data as well as signatures from the DHS Continuous Diagnostics and Mitigation (CDM) program to allow it to detect “attacks that exploit known vulnerabilities.”
In response, DHS agreed with GAO on the need to better link threat signatures to publicly available databases and said it is updating a software tool for this purpose.
DHS deploys and operates the EINSTEIN system to protect the computer networks of the federal civilian government. The system is deployed across all federal civilian departments and agencies, although it is the responsibility of these entities to adopt the system’s capabilities.
The GAO report says that federal civilian departments and agencies must approve memoranda of agreement (MOA) to establish EINSTEIN service for an agency. So far 16 of 23 non-defense agencies have done so, it says.
However, citing DHS officials responsible for deploying and maintaining EINSTEIN, GAO says even in cases where an agency chief information officer has signed an MOA, “network operators within the agency can be unaware of the agreement, which can pose a potential barrier to full deployment.”
Johnson pointed out that the third phase of the protection system, called EINSTEIN 3A, which can actively block potential cyber attacks, is currently available to 100 percent of the government, although it is only protecting 50 percent of departments and agencies.
Big Increase for Federal Cyber Efforts
On Tuesday the Obama Administration sent to Congress its budget request for FY ’17 that includes more than $19 billion for cyber security, a 35 percent increase over levels enacted in FY ’16. The White House says the budget proposal supports all federal civilian agencies adopting EINSTEIN and the CDM program. It also says that DHS, the General Services Administration and other federal agencies “will increase the availability of government-wide shared services for IT and cybersecurity, with the goal of taking each individual agency out of the business of building, owning and operating their own IT when more efficient, effective, and secure options are available, as well as ensuring that individual agencies are not left on their own to defend themselves against the most sophisticated threats.”
The White House also says that the Justice Department, including the FBI, is increasing its cyber security-related funding by more than 23 percent “to improve their capabilities to identify, disrupt, and apprehend malicious cyber actors.”
Johnson also said he is working with departments to “prioritize” the use of EINSTEIN 3A, noting that Congress has mandated that all federal civilian agencies avail themselves of the program by the end of 2016.
Johnson touted the results so far from EINSTEIN, saying it has been “invaluable to identify significant incidents” and that “to date EINSTEIN 3A has blocked over 700,000 cyber threats.” He also noted that EINSTEIN 3A, unlike commercial products, can use classified information “so the government is protected against our most sophisticated adversaries.”
In the FY ’17 budget request DHS will also double the number of its advisors that assist the private sector with cyber security assessments and implementing best practices. As part of a strengthened outreach with the private sector, DHS and the Departments of Commerce and Energy will also establish a National Center for Cybersecurity Resilience where companies and sector-wide organizations can test the security of systems in a contained environment, “such as by subjecting a replica electric grid to cyber attack,” the White House says.
DHS, working with Underwriters Laboratories and industry, will also develop a Cybersecurity Assurance Program that will “test and certify networked devices within the ‘Internet of Things’” to ensure they have been certified to meet security standards, the White House says.