Homeland Security Secretary Jeh Johnson recently defended the nearly $6 billion National Cybersecurity Protection System after a federal audit found the program has lacked the ability to adequate prevent hackers from breaching government networks.
Although the Government Accountability Office concluded in report made public last week that the Department of Homeland Security needs to enhance the capabilities of its multi-billion dollar cyber protection system known as “EINSTEIN,” the DHS chief said in response that the program, while still being rolled out, has already assisted federal authorities in spotting hack attacks.
“The first two phases of the EINSTEIN program have been deployed across all federal civilian departments and agencies. This now allows us to detect cybersecurity threats, and EINSTEIN has in fact proven invaluable to identify significant incidents,” Mr. Johnson said in a statement.
“The new and third phase of EINSTEIN, known as EINSTEIN 3A, has the ability to actively block — not just detect — potential cyber attacks. Unlike commercial products, EINSTEIN 3A can rely upon classified information, so the government is protected against our most sophisticated adversaries,” he added.
But seven years after first being launched — and amid a wave of cyberattacks waged at government targets, including last year’s breach of the Office of Personnel Management — the GAO report called into question the capabilities of EINSTEIN after a review revealed that the program has only been properly implemented by five of 23 required federal agencies and lacks adequate intrusion and prevention capabilities.
“While NCPS’s ability to detect and prevent intrusions, analyze network data and share information is useful, its capabilities are limited,” the audit found.
Specifically, the newly released GAO report — a 61-page version of a classified audit supplied to the government last year — alleges that EINSTEIN has fallen short of its goal with respect to four target capabilities: intrusion detection; intrusion prevention; analytics and information sharing.
“For example,” the report reads, “NCPS detects signature-based anomalies but does not employ other, more complex methodologies and cannot detect anomalies in certain types of traffic.” As a result, sophisticated cyberattacks like those waged by state-sponsored actors may slip pass EINSTEIN, as could any newly developed exploits not yet discovered.
“The EINSTEIN system is not a silver bullet. It does not stop all attacks, nor is it intended to do so,” Mr. Johnson said in response. He’s nevertheless following up on recommendations made by the GAO, and said he has directed the DHS to “research and build capabilities that will allow us to detect never-before seen attacks, leveraging the best of government and private sector technology and expertise.”
DHS has spent $1.2 billion on EINSTEIN since 2009, and plans to have invested around $5.9 billion into the program by 2018.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.