New .gov threat detection software nearing completion

Published 1 March 2011

DHS is currently in the final stages of implementing Einstein 2, its new cybersecurity threat detection system, across all federal networks; Einstein 2 is designed to provide the government with intrusion detection tools on its networks; installation is expected to be completed this year; DHS is also in the midst of testing Einstein 3 and hopes to begin installation of that system within the year; the Einstein system is part of a total suite of technological solutions designed to secure the .gov domain from cyber threats; these tools are being developed in conjunction with the Department of Defense

DHS is currently in the final stages of implementing Einstein 2, its new cybersecurity threat detection system, across all federal networks.

In 2004, DHS began implementing the Einstein 1 system, which provided sensor capabilities and network flow management tools to detect potential threats. Einstein 2 is designed to provide the government with intrusion detection tools. Installation is expected to be completed this year.

Nicole Dean, the deputy director of the National Cybersecurity Division, said, “The goal for Einstein 2 is to get intrusion detection for passive sensors at nineteen approved Trusted Internet Connections Access Providers (TICAPs) as well as the four Managed Trusted IP Services (MTIPS) providers through the Networx contract.”

She added, “We deployed Einstein 2 to thirteen of nineteen TICAPS and deployed to all four MTIPS providers. Right now Einstein 2 is making good traction and we will be finished deploying it in early fiscal 2011.”

DHS is also testing Einstein 3 and hopes to begin installation of that system within the year.

According to DHS Secretary Janet Napolitano, Einstein 3 “will provide DHS with the ability to automatically detect and disrupt malicious cyber activity.”

The Einstein system is part of a total suite of technological solutions designed to secure the .gov domain from cyber threats.

Working in conjunction with the Defense Department, DHS is building a National Cybersecurity Protection System by providing the U.S. Computer Emergency Readiness Team (U.S. CERT) with software and hardware tools to better defend against malicious code, intrusion attempts, and other cyber threats.

The government-wide cybersecurity system is currently being installed in several “blocks.” Block 1 began in 2001 and included the Einstein 1 system. DHS has since moved to installing Block 2 and is hoping to begin implementation of Block 3 shortly.

Dean said, “Our [Block] 2.1 provided the aggregation, automated correlation and visualization tools that soon will go into full production for U.S. CERT.”

“The next one we are working on is really what we call block 2-2 and block 3-0. Block 2-2 is automated information sharing with departments and agencies. We want to get into better information sharing, more automated and into a more machine-to-machine environment,” she said.

Block 3 will offer U.S. CERT several additional tools like Einstein 3 and other network and performance management software that can help ensure the integrity and confidentiality of government data.

At a recent speech, Secretary Napolitano outlined her department’s efforts over the past two years to bolster its cyber defense capabilities.

She said, “[We’ve] increased our capacity to fight cyber crimes and cyber terrorism, opening a new 24/7 watch and warning center, and testing our country’s first national-level cyber incident response plan, while increasing our stable of cyber experts by some 500 percent.”