
DHS to test Einstein version 3

January 17, 2009 - 12:11pm

WFED's Jason Miller reports


By Jason Miller
Executive Editor
FederalNewsRadio

The Homeland Security Department is already testing version 3 of the Einstein intrusion detection system before version 2 has even been installed in any agency.

DHS Secretary Michael Chertoff said Dec. 18 that the department is "experimenting" with Einstein 3.0 and hopes to begin larger-scale testing of it in the next six months.

Chertoff, speaking at the Cyber Strategic Inquiry 2008 conference in Washington, says version 3 will include an anti-malware defense that will let agencies stop an attempt to put a virus or Trojan software on their systems.

DHS is currently implementing Einstein version 2 internally and plans to expand it to other agencies "in short order," Chertoff says.

"What this does is it detects in real-time, and it detects in real-time using certain capabilities to look at either the characteristics of the flow or some of what might be in the packets in order to see malicious code as it's coming into the network," Chertoff says. "Of course, that is the ability to give immediate warning."

Only about 20 agencies are using the initial Einstein capabilities.

The Office of Management and Budget is requiring agencies to implement Einstein software.

Many are waiting for the General Services Administration to add these services to the Networx telecommunications contract as part of the Trusted Internet Connections initiative.

GSA made the first award for these services, known as Managed Trusted IP Services (MTIPS), to AT&T Dec. 15.

GSA says it expects to award more contract modifications to some of the other Networx vendors, L3, Qwest, Sprint and Verizon, in early 2009.

"With these services, we will provide a secure portal from the agency's infrastructure, or Intranet, to the public Internet," says Jeff Mohan, AT&T's executive director for the Networx program. "There is a technical aspect, which is routers, firewalls and that sort of thing that applies these security capabilities across that portal and looks at Internet traffic that comes from public Internet to Intranet and vice versa."

Other basic services include version 1 of the Einstein system, threat analysis and information sharing with DHS's U.S. Computer Emergency Response Team (US-CERT) to scrutinize traffic across the government.

Mohan says most of these basic services are built upon the existing IP services already on Networx.

But Mohan says optional services, such as scanning e-mail and placing filters on agency networks to keep malicious e-mail off the network, as well as forensic and storage capabilities, also are available through MTIPS.

Mohan says AT&T must have MTIPS certified and accredited by Feb. 15 so it can begin offering these services to agencies.

"The government must do a security analysis of all the systems we use," Mohan says. "They also physically look at our security centers and look at physical and logical security. It is more of a question of scheduling than providing the capability."

Mohan says agencies can start working with AT&T now to determine their requirements under MTIPS.

"What an agency needs really depends on their circumstances," Mohan says. "Some agencies do a lot of public connection to the Internet and have a lot of services for the public, while others have a lot of internal traffic and relatively small requirements to connect to the public Internet."

Mohan adds that AT&T already has received several inquiries from agencies wanting to buy these services. Mohan recommends agencies do a make-or-buy analysis and then go from there.


(Copyright 2008 by FederalNewsRadio.com. All Rights Reserved.)
