DHS gears up to unleash Einstein 3 to better secure federal networks

Monday - 7/22/2013, 12:25pm EDT

Jason Miller and Brendan Goode discuss the key features of Einstein 3 and the implications for security on federal networks.


A majority of the large agencies have signed up for a new tool in the war against cyber attacks.

The Homeland Security Department is past the testing phase and ready to start the implementation of the Einstein 3 (E3A) program.

Brendan Goode, the director of network security deployment in the National Protection and Programs Directorate in DHS, said 15 out of the initial 23 agencies expected to implement Einstein 3 have signed memorandums of agreement with the department. DHS said E3A will "detect malicious traffic targeting federal government networks, but also prevent malicious traffic from harming those networks," according to Einstein 3's April 2013 Privacy Impact Assessment.

"The next set of activities that we have to do is the actual engineering to provision over those services, and we are actively engaged with several to do that," Goode said recently in an exclusive interview with Federal News Radio. "It's been a tremendously positive engagement with departments and agencies. Around mid-last year, we really started to roll out the architecture of where we were going with a lot of the technologies and solutions. We reached out through the policy community and the chief information officer and chief information security officers' communities to start educating them."

Goode said there are several key components that will make Einstein 3 work.

"One is the infrastructure piece. Can I connect the analysts to the sensors to the data in a secure means?" he said. "The second is ensuring we are able to only affect and work on the dot-gov traffic; so, the ability to segregate out dot-gov from dot-com and present it at a place where it's physically secure, so we can introduce Einstein 3 services themselves. Both of those have made tremendous amounts of progress. The infrastructure is in place and operational. The traffic segregation aggregation capabilities are in the final parts of test phases with three of them. The fourth one is operational, and the fifth one we expect to come online later this year."

Budget request still pending

DHS requested $406 million in the fiscal 2014 budget request to Congress. Secretary Janet Napolitano told the House Appropriations Committee in April that sequestration could put the deployment of E3A at risk.

In the House's version of the DHS appropriations bill for next year, lawmakers allocated $786 million for cybersecurity operations, which is $24 million below the president's request and $30 million above the 2013 enacted level. The bill doesn't mention Einstein directly, but does say of that $786 million, about $199.7 million should go to continuous monitoring. Every agency also must submit a plan by July 1, 2014, to the House Appropriations Committee describing how they are improving the security of their computer networks.

The committee approved the DHS spending bill May 15, but it hasn't gone to the floor for a full vote yet.

The Senate Appropriations Committee, meanwhile, approved the DHS spending bill July 18. It included $803.8 million for cybersecurity protection of federal networks and incident response, which is $48 million above the 2013 allocation. Of that $803.8 million, DHS would receive $393 million for intrusion detection on civilian federal networks.

The bill now goes to the full Senate for a vote.

DHS is putting a lot of faith in Einstein 3 to meet Congress' goals of improving federal network security.

After conducting two pilots with the E3A concept, Goode said DHS decided to go with a managed security services approach using the Internet Service Providers (ISPs) under the General Services Administration's Networx contract.

DHS handles all the contracting and costs to implement E3A. CIOs and CISOs have to work with DHS on timing for implementation and on whether the customer agency's ISPs are ready to provide the Einstein services.

"The agencies will get benefits from services as their ISP carriers come online with the services themselves. There is a process to getting the concept of the service defined, getting the service on contract, getting the implementation and testing done and then the onboarding," Goode said. "In one case, we have passed all those steps and are doing the onboarding process, and the other steps we have several others preparing to come online. As we talk about the role of the ISPs, it really is still under the direction of DHS from that standpoint. From our standpoint, they are taking the direct direction of here are the type of indicators and blocking actions we want to see be taken."