Cybersecurity

Einstein 3 Accelerated (E3A) deployment gets a push forward

Published 13 August 2015

The two recent network breaches at the Office of Personnel Management (OPM), which allowed the pilfering of sensitive personal information of millions of federal employees, their families, clearance applicants, and contractors, have drawn attention to the Department of Homeland Security’s $3 billion network monitoring program called Einstein. The question now is whether that program is capable of preventing another intrusion in the future.

The Federal Times reports that a bill is now before the Senate to address shortcomings of the DHS schedule for deployment of countermeasures in the federal government’s executive department networks. The bill, the Carper-Johnson Federal Cybersecurity Enhancement Act of 2015 (S.1869), is intended to accelerate the deployment of the newest iteration of Einstein, also known as E3A.

In the past, network security was provided by intrusion detectors. Such countermeasures operated by “listening” to network traffic over a short period of time. This monitoring led to the detectors building a traffic model of the network. If the network was carrying traffic that yielded a statistical anomaly, a message was transmitted to network security personnel, advising them of a possible penetration of the network.
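The baseline-then-alert approach described above, sketched as an added example (it is not code from Einstein or DHS): it learns a per-host traffic model from a short training window and flags observations that deviate statistically from it. The host addresses, byte counts, the median/MAD statistic and the 3.5 threshold are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import median

THRESHOLD = 3.5  # modified z-score cut-off (assumed tuning value)

def learn_baseline(samples):
    """Build the traffic model: per-host median and MAD of bytes per interval."""
    per_host = defaultdict(list)
    for host, nbytes in samples:
        per_host[host].append(nbytes)
    model = {}
    for host, values in per_host.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)
        # A perfectly steady host has MAD 0; floor it so scoring never divides by zero.
        model[host] = (med, max(mad, 0.01 * med, 1.0))
    return model

def score(model, host, nbytes):
    """Modified z-score of one observation; None when the host has no baseline."""
    if host not in model:
        return None
    med, mad = model[host]
    return 0.6745 * (nbytes - med) / mad

def detect(model, observations):
    """Return the alert messages that would go to network security personnel."""
    alerts = []
    for host, nbytes in observations:
        z = score(model, host, nbytes)
        if z is None:
            alerts.append(f"{host}: no baseline for this host ({nbytes} bytes)")
        elif abs(z) > THRESHOLD:
            alerts.append(f"{host}: {nbytes} bytes deviates from baseline (score {z:.1f})")
    return alerts

# Constructed sample data: (host, bytes sent per one-minute interval).
TRAINING = [("10.0.0.5", b) for b in (1200, 1350, 1100, 1280, 1190, 1310)] + \
           [("10.0.0.9", b) for b in (500, 500, 500, 500, 500, 500)]
LIVE = [("10.0.0.5", 1260), ("10.0.0.5", 98000), ("10.0.0.9", 505),
        ("10.0.0.9", 900), ("10.0.0.77", 40)]

if __name__ == "__main__":
    for line in detect(learn_baseline(TRAINING), LIVE):
        print(line)
```

A host that was silent during the learning window produces a "no baseline" alert rather than being scored, which is one reason a short listening period limits what this kind of detector can judge.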

Einstein 3 is a more sophisticated, more robust intrusion detector. Einstein 3 Accelerated (E3A) will be deployed to enhance cybersecurity analysis, situational awareness, and security response.

With E3A, DHS will not only be able to detect malicious traffic targeting federal government networks, but also prevent malicious traffic from harming those networks. By analyzing traffic to determine the possibility of malware, the offending traffic can be eliminated before even arriving in the target network.

This will come about by delivering intrusion prevention as a Managed Security Service provided by Internet Service Providers (ISPs). Under such a paradigm, DHS will provide service levels, and ISPs will administer intrusion prevention and threat-based decision-making on network traffic entering and leaving participating federal civilian executive branch agency networks. DHS will provide the ISPs with a model of the expectations and objectives of their constituent department networks, and the ISPs will

Einstein E3A now protects approximately 45 percent of federal department networks. The Carper-Johnson bill aims to speed up Einstein’s deployment.

While not perfect, Einstein E3A does provide better protection than its predecessors.

The Senate is yet to approve the bill, but Congress has already passed a bill, H.R. 1731, which contains similar provisions to the Senate bill.