Shows & Panels
Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- American Readiness: Renewable Power and Efficiency Technologies
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Delivering the Digital Government Mission
- Federal Executive Forum
- Federal News Radio's National Cyber Security Awareness Month Special Panel Discussion
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- Government Perspectives on Mobility and the Cloud
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mitigating Insider Threats in Virtual & Cloud Environments
- Modern Mission Critical Series
- The New Generation of Database
- Reimagining the Next Generation of Government
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
DHS sketching future of Einstein cyber tools
Thursday - 9/9/2010, 7:20am EDT
By Jason Miller
Federal News Radio
The Homeland Security Department has heard the long-standing call for in-depth defense of computer networks and over the next year it's coming to the .gov domain.
DHS is looking at several technologies, including some from the Defense Department, to build up its National Cybersecurity Protection System (NCPS). The new software and hardware will help the U.S. Computer Emergency Readiness Team (U.S. CERT) better understand and defend against the ever-changing threats agencies face daily.
"Our [Block] 2.1 provided the aggregation, automated correlation and visualization tools that soon will go into full production for U.S. CERT," said Nicole Dean, deputy director of the National Cybersecurity Division at DHS, in an interview with Federal News Radio. "The next one we are working on is really what we call block 2-2 and block 3-0. Block 2-2 is automated information sharing with departments and agencies. We want to get into better information sharing, more automated and into a more machine-to-machine environment."
Dean said block 3 will include several different tools such as Einstein 3 and network and performance management software to ensure integrity and confidentiality of the data.
DHS started with Block 1, which was the Einstein 1 system providing sensor capabilities and network flow management tools to detect possible threats starting in 2004. The agency then moved to Block 2, which was Einstein 2, providing intrusion detection tools.
DHS still is installing Einstein 2 across the government.
"The goal for Einstein 2 is to get intrusion detection for passive sensors at 19 approved Trusted Internet Connections Access Providers (TICAPs) as well as the four Managed Trusted IP Services (MTIPS) providers through the Networx contract," Dean said. "We deployed Einstein 2 to 13 of 19 TICAPS and deployed to all four MTIPS providers. Right now Einstein 2 is making good traction and we will be finished deploying it in early fiscal 2011."
Dean said the six agencies who have not deployed the technology are working toward it. She said there are several reasons for the delay including getting the paperwork - Memorandum of Agreement, Service Level Agreements - approved by legal and uncertainty around agency technology architectures.
"We still have [six] departments that are trying to determine what their ultimate TIC architecture will look like," she said. "They are validated as TICAP, but they have not chosen the final location of where they will deploy their TICS."
Dean said DHS has moved on to testing Einstein 3. In fact, DHS will hold an industry day later this year around a classified request for information it issued last year to help define Einstein 3 and other block 3 technologies.
Dean could not offer much about the classified RFI, but said DHS will post information on the FedBizOpps.gov website.
She did offer more about Einstein 3.
"We conducted an exercise to look at DoD technology and we also are in the midst of a design study to further understand where and what we want Einstein 3 to be," Dean said. "Part of the industry day later this year will be to firm up some of that architectural design. We are going through this design process to balance COTS, GOTS and managed services, and figured out what makes the most sense from a cost, schedule and performance perspective."
DHS's decision to look at DoD technology is part of a broader collaboration effort between the two cybersecurity leaders.
Dean said DoD and DHS have a strong working relationship, each hosting the other's experts to ensure sharing of data and education of cyber threats.
"DoD has an active defense system, also known as an intrusion prevention system that they are using at Internet access points," she said. "We were evaluating what they have developed to see if it would feed, help, enable and be able to be utilized as part of Einstein 3 architecture. Really just trying out their system and that is where we are out with the Einstein 3 design."
(Copyright 2010 by FederalNewsRadio.com. All Rights Reserved.)