US department of homeland security

DHS Created EINSTEIN Cybersecurity

A big issue that the US Government is hoping to tackle is cybersecurity. This topic is the proverbial “elephant in the room” situation that needs to be addressed as sensitive Governmental data, system files, and account credentials are being transmitted via the World Wide Web. The Federal Government tried to take care of this issue straightaway by introducing the Department of Homeland Security’s (DHS) cybersecurity system, also known as EINSTEIN. However, the results of the cybersecurity program have been underwhelming to say the least and the Government is proposing to significantly increase cybersecurity spending through 2017 in order to correct these shortcomings. The question that everyone should ask is not why they should increase spending, but how to better allocate these funds to finally get cybersecurity right. Let’s take a look at why DHS’s EINSTEIN failed in the first place and how the Government can better ensure that this type of issue does not repeat itself.

First Off, What is EINSTEIN?

To get things started, DHS released the very first iteration of EINSTEIN back in 2003, which is also known as the National Cybersecurity Protection System (NCPS). EINSTEIN was intended to be the primary cybersecurity system that would provide four major security capabilities to the Federal Government, such as intrusion detection, intrusion prevention, data analytics, and information sharing. This program was meant to be disseminated and integrated across all 23 Federal agencies’ IT networking systems to help safeguard any personally identifiable information (PII) and avoid malicious web hacking attempts. However, things don’t always go the way one intends. EINSTEIN turned out to be a massive security failure and was deemed by the Government Accountability Office (GAO) to be unfit to properly prevent data breaches for the Federal Government. This issue was exacerbated by the fact that only a few handful of Government agencies actually adopted the cybersecurity program into their IT networks. Ideally, EINSTEIN, with its forecasted price tag of $5.7 billion, should have been the crème de la crème of all cyber defense solutions, but the Government soon found out their technology was still a ways behind. Here are three possible suggestions as to why the EINSTEIN experiment failed to live up to expectations.

Very old sharp calculating machine

Old Technology

Outdated Technology

Industry insiders and even internal stakeholders have openly admitted that EINSTEIN’s detection technology is at least 15 years behind the private sector. The reason why EINSTEIN’s firewall is lagging is primarily due to its reliance on signature based detection technology. Signature based detection wholly depends on matching a database of known or previously detected attack patterns to determine whether certain web traffic is deemed unsafe. This severely limits EINSTEIN’s capabilities in detecting and filtering out modified or unknown web attacks, which leaves it vulnerable to high false negative readings that allow attack attempts to slip through the cracks. To make matters worse, the EINSTEIN firewall was not properly synched up with the National Institute of Standards and Technology’s database of security flaws, which is where the security system was to receive its signature updates. On the other hand, many private sector companies are constantly readjusting their detection methodologies in order to better counteract these unknown web attacks that may strike. Some are going as far as integrating software based machine learning to their cybersecurity profiles to better understand and predict future attacks before they happen.

As web attacks continue to grow in both volume and sophistication, so too must web security solutions that are in place to counter these attacks. To be exact, cyber defense programs should be one step ahead of prospective web attacks in order to be fully prepared to mitigate or deter any intrusion attempts. This goes double for Federal computer systems and web security programs, which could turn into a major national security issue if faced with a web attack. Innate technical issues, such as utilizing an outdated form of detection technology for its firewall, and even simple lack of recurring signature updates are reasons why EINSTEIN is dragging behind the rest of the industry.

Untrustworthy Performance

After the GAO audited the performance and efficacy of the EINSTEIN firewall, the agency determined that many changes need to take place in order for the cybersecurity system to properly function. The GAO tested EINSTEIN by presenting 489 known security vulnerabilities in computer and web applications; however, unimpressively, EINSTEIN was only able to detect roughly 29 vulnerabilities for a 6% accuracy rate. In other words, EINSTEIN failed to identify 94% of security vulnerabilities that commonly plague Federal network systems. As mentioned above, the expectations for EINSTEIN’s ability to detect and filter malicious traffic should be close to 100% due to the sensitivity of the material it protects, as well as the steep price tag associated with the system.

EINSTEIN’s poor performance also came under major scrutiny and criticism during last year’s massive data breach on the Office of Personnel Management (OPM). Hackers targeted the personal information of over 21 million Federal employees by stealing standard SF-86 forms, which are used for reviewing background checks for security clearances. According to Wired, the OPM hack took over 4 months for security specialists to discover, which was a testament to EINSTEIN’s failure to detect and subsequently block these intrusion attempts. EINSTEIN should have been the first line of defense to block these attacks from ever happening in the first place. It is also suspected that the IP addresses of hackers who targeted the OPM data originated from China, which proves that these attacks can also be a serious issue of national security if not properly remediated.

Planning

The EINSTEIN firewall was intended to be implemented across all 23 Federal agencies since all agencies are mandated to have intrusion detection and prevention solutions. The GAO reported that only five agencies actually implemented EINSTEIN for full cybersecurity use. For any Federal agency, protecting Governmental information and appropriating public funds should be of utmost importance. However, the fact that EINSTEIN was not even fully implemented internally speaks volumes of its effectiveness and the leadership behind the program.

In addition, the Obama administration has recognized the failure of Government IT security by comparing their technology as an “Atari game in an Xbox world.” Although there are great steps being taken by the Government to correct these issues, such as increasing its cybersecurity spending to $19 billion by 2017, they still need to better plan out the country’s cybersecurity goals for the future. For instance, the Federal Government should be trailblazers when it comes to cybersecurity, rather than trying to play catch up with the rest of the private sector. The Government must prove that they are serious about security and show signs of drastic improvement or planning in this key area.

Forging Ahead

As the rest of the world advances in its cybersecurity capabilities, the US Government needs to emerge as a true global technology leader. Although current cybersecurity issues need to be dealt with immediately, one major issue that the Government needs to address is planning for the future of cybersecurity. As most internal Government programs and systems are considered “Inherently Governmental” work, it is imperative that the Government begin looking towards increasing the homegrown talent that can better serve the country. Part of the increased cybersecurity spending should be used to invest in the next generation of cyber professionals to promote internal innovation and growth. This can enable the Government to build better internal systems, utilize its own cutting edge technology, and ultimately become trend setters for the rest of the industry. A few ways that the Government could get started is to build cybersecurity research centers in communities, expand education programs to include programming at a young age, develop cybersecurity related Federal career tracks, etc. Providing these types of benefits and programs can influence the next generation of security specialists to become more aware of cybersecurity and possibly motivate them to want to help the Federal Government. These are the types of investments the Federal Government should be making with the increased cybersecurity funding.

In the coming years, cybersecurity will be a major concern for those that are not fully prepared to implement effective policies and procedures to better protect their computer systems. Any organization, including the Federal Government, will need to reinvent themselves to better prepare for the future. Increasing spending for cybersecurity related initiatives is a great first step for the Government, but it needs to also set a better precedent by transitioning into a future cybersecurity leader. This can be accomplished by investing in the next generation of IT professionals and to help motivate them to become future Government security leaders. Now is the time to get started!