BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

UK And Germany Double Down On Joint AI, Clean Energy R&D Efforts
Decarbonizing Heavy Transportation: Quantron's Michael Perschke On Pioneering Hydrogen Solutions
Bridging The Digital Divide In The AI Era - The UNDP Way
Big Tech Ramps Up Content Moderation Amid EU Pressure
Spain's Successful Miura 1 Launch Reignites Europe's Hopes For Space Exploration
UNESCO And The Netherlands Launch Initiative To Ensure Ethical Oversight Of AI
Edit Story
ForbesTech

EINSTEIN Not Smart Enough To Defend U.S. Government Against Cyber Attacks

Steve Morgan
Former Contributor
Opinions expressed by Forbes Contributors are their own.
I write about the business of cybersecurity.
This article is more than 8 years old.

The U.S. Department of Homeland Security (DHS) has spent roughly $6 billion developing the EINSTEIN intrusion detection system - officially referred to as the National Cybersecurity Protection System, or NCPS. The firewall is intended to protect U.S. federal agencies against attacks launched by hostile nation states and malicious cyber actors.

According to a stinging report just released by the U.S. Government Accountability Office (GAO), EINSTEIN is not nearly as smart as it needs to be. The GAO, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people.

Some key findings from the GAO report on the NCPS:

  • NCPS provides DHS with a limited ability to detect potentially malicious activity entering and exiting computer networks at federal agencies.
  • NCPS does not monitor several types of network traffic and its “signatures” do not address threats that exploit many common security vulnerabilities and thus may be less effective.
  • Federal agencies have adopted NCPS to varying degrees. Only 5 of the 23 agencies were receiving intrusion prevention services, but DHS was working to overcome policy and implementation challenges.

President Obama issued an executive order on April 1, 2015, declaring “the increasing prevalence and severity of malicious cyber-enabled activities… constitute an unusual and extraordinary threat to the national security, foreign policy and economy of the United States. I hereby declare a national emergency to deal with this threat.”

How exactly is the national emergency dealing with the cyber threat?

President Obama included $14 billion for cybersecurity spending in his 2016 budget. Perhaps this should be a talking point for the Democratic and Republican Presidential Candidates. How would they spend our national cyber budget to smarten-up EINSTEIN, and get it fully deployed across all U.S. federal agencies?

The entire GAO-16-294 Information Security report to congressional committees can be found here.

Steve Morgan
Steve Morgan