DHS sketching future of Einstein cyber tools

Thursday - 9/9/2010, 7:20am EDT

WFED's Jason Miller with Nicole Dean, DHS deputy director of the National Cybersecurity Division

By Jason Miller
Executive Editor
Federal News Radio

The Homeland Security Department has heard the long-standing call for in-depth defense of computer networks, and over the next year it's coming to the .gov domain.

DHS is looking at several technologies, including some from the Defense Department, to build up its National Cybersecurity Protection System (NCPS). The new software and hardware will help the U.S. Computer Emergency Readiness Team (U.S. CERT) better understand and defend against the ever-changing threats agencies face daily.

The National Cybersecurity Division is breaking the implementation into blocks or phases.

"Our [Block] 2.1 provided the aggregation, automated correlation and visualization tools that soon will go into full production for U.S. CERT," said Nicole Dean, deputy director of the National Cybersecurity Division at DHS, in an interview with Federal News Radio. "The next one we are working on is really what we call block 2-2 and block 3-0. Block 2-2 is automated information sharing with departments and agencies. We want to get into better information sharing, more automated and into a more machine-to-machine environment."

Dean said block 3 will include several different tools such as Einstein 3 and network and performance management software to ensure integrity and confidentiality of the data.

DHS started with Block 1, which was the Einstein 1 system providing sensor capabilities and network flow management tools to detect possible threats starting in 2004. The agency then moved to Block 2, which was Einstein 2, providing intrusion detection tools.

DHS still is installing Einstein 2 across the government.

"The goal for Einstein 2 is to get intrusion detection for passive sensors at 19 approved Trusted Internet Connections Access Providers (TICAPs) as well as the four Managed Trusted IP Services (MTIPS) providers through the Networx contract," Dean said. "We deployed Einstein 2 to 13 of 19 TICAPs and deployed to all four MTIPS providers. Right now Einstein 2 is making good traction and we will be finished deploying it in early fiscal 2011."

Dean said the six agencies that have not deployed the technology are working toward it. She said there are several reasons for the delay, including getting the paperwork - Memorandum of Agreement, Service Level Agreements - approved by legal and uncertainty around agency technology architectures.

"We still have [six] departments that are trying to determine what their ultimate TIC architecture will look like," she said. "They are validated as TICAP, but they have not chosen the final location of where they will deploy their TICs."

Dean said DHS has moved on to testing Einstein 3. In fact, DHS will hold an industry day later this year around a classified request for information it issued last year to help define Einstein 3 and other block 3 technologies.

Dean could not offer much about the classified RFI, but said DHS will post information on the FedBizOpps.gov website.

She did offer more about Einstein 3.

"We conducted an exercise to look at DoD technology and we also are in the midst of a design study to further understand where and what we want Einstein 3 to be," Dean said. "Part of the industry day later this year will be to firm up some of that architectural design. We are going through this design process to balance COTS, GOTS and managed services, and figure out what makes the most sense from a cost, schedule and performance perspective."

DHS's decision to look at DoD technology is part of a broader collaboration effort between the two cybersecurity leaders.

Dean said DoD and DHS have a strong working relationship, each hosting the other's experts to ensure sharing of data and education of cyber threats.

"DoD has an active defense system, also known as an intrusion prevention system, that they are using at Internet access points," she said. "We were evaluating what they have developed to see if it would feed, help, enable and be able to be utilized as part of Einstein 3 architecture. Really just trying out their system and that is where we are at with the Einstein 3 design."

(Copyright 2010 by FederalNewsRadio.com. All Rights Reserved.)