Homeland Security Secretary: Cybersecurity Tool Einstein is Good and Getting Better
Aaron Boyd, Federal TImes 11:19 a.m. EST February 1, 2016
Homeland Security Secretary Jeh Johnson has said cybersecurity is a top priority for the department — right alongside counterterrorism. So, after news outlets reported on a recent critical review from the Government Accountability Office, Johnson released a statement defending the department’s premiere cybersecurity tool: Einstein.
Agency and program managers are required to comment on GAO and inspector general reports but it is rare to have a secretary release a statement in response to an individual report.
Johnson did not dispute any of GAO’s claims. Rather, he pointed to the program’s successes (which were also noted in the report) and where it is headed in the near- and long-term.
“The first two phases of the Einstein program have been deployed across all federal civilian departments and agencies,” he said. “This now allows us to detect cybersecurity threats and Einstein has in fact proven invaluable to identify significant incidents.”
The third phase — dubbed Einstein 3 Accelerated, or E3A — by blocking malicious traffic. Though, as both GAO and Johnson note, the system can only block known threat vectors. Even so, the secretary said E3A has blocked some 700,000 attacks to-date and is available to all government agencies.
Johnson said DHS is working to improve the system, as well, with the goal of eventually block 0-day threats, as well as known attacks.
“Einstein also provides a platform for new technologies to protect the government,” he said. “I have therefore directed our team to research and build capabilities that will allow us to detect never-before-seen attacks, leveraging the best of government and private sector technology and expertise.”
The department has awarded a number of contracts recently to boost Einstein, including bringing in the major Internet service providers to wrangle malicious traffic early and awarding a $1 billion, five-year contract to develop new capabilities.
“The Einstein system is not a silver bullet,” Johnson said. “It does not stop all attacks, nor is it intended to do so. It is part of a broader array of defenses.”
Statement by Secretary Jeh C. Johnson on the Recent GAO High-Risk Series Report to Congress
Release Date: February 24, 2015
For Immediate Release
DHS Press Office
This week, in the midst of our efforts to convince Congress to enact a clean, full-year appropriations bill for the Department of Homeland Security, I am pleased to report another huge step forward in our management reform efforts. As I stated in my January 29th speech at the Wilson Center, management reform is one of my New Year’s resolutions for this Department.
DHS is one of 16 departments and agencies of government on GAO’s “High Risk” list. We have been on that list since DHS was created in 2003, simply by virtue of the large realignment of government it took to create the Department. In its most recent report to Congress on February 11, GAO once again noted DHS’s good progress toward getting off the list. Specifically, GAO noted that since its last report in 2013, DHS has “fully addressed” 9 of 30 risk areas, and has made significant progress toward addressing the remaining 21. Overall, GAO has stated that DHS is a “model” for how federal agencies can work to address GAO’s high risk designations.
GAO also stated:
“DHS’s top leadership, including the Secretary and Deputy Secretary of Homeland Security (who assumed leadership of the department after our 2013 update), have continued to demonstrate exemplary commitment and support for addressing the department’s management challenges. For instance, the department’s Deputy Secretary and Under Secretary for Management, and other senior management officials have frequently met with us to discuss the department’s plans and progress, which helps ensure a common understanding of the remaining work needed to address our high-risk designation.”
I appreciate the strong working relationship with our colleagues at GAO. I also appreciate and salute Deputy Secretary Mayorkas and our Management Directorate for the time and effort they have invested in our management reform efforts. Our good work must and will continue.
For more information, visit www.dhs.gov.
Other reports suggest the federal government will significantly increase spending on general IT security in the coming years and will drop even more cash for security products and services related to national security and emergency services.
An independent research firm, IDC Government Insights, predicts a 3.2 percent increase in general IT security spending across the federal sector — from $2.3 billion in fiscal 2015 to $2.7 billion by fiscal 2020. The report predicts national security-related IT security will increase more than 9 percent over the same span — from $3.7 billion to $5.7 billion.
The increased spending in the long term is a result of the government’s increased focus on cyberattacks and threats from groups like ISIS, as well as an evolution in the way IT security is practiced across the civilian, defense and intelligence sectors, according to the report.