How Einstein Protects Government Computer Networks

Ever wondered what the Department of Homeland Security (DHS) does to protect government networks, and what you can borrow for your own? Government networks are among the most heavily targeted on the Internet and come under attack continually. To protect federal assets DHS operates two systems: Einstein 1, a network flow monitoring system that records connection metadata (source, destination, ports, protocol, byte counts) at agency Internet gateways, and Einstein 2, a signature-based intrusion detection system that inspects traffic at those same gateways and alerts on known malicious patterns.
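To make the flow-monitoring idea concrete, here is an added example (not DHS or Einstein code) of the kind of triage a flow monitor can do with metadata alone. It assumes flow records have already been exported in a simple CSV layout; the field names, the sample records and the thresholds are all constructed for illustration.

```python
"""Flow-record triage in the style of a network flow monitor.

Added example, not DHS/Einstein code. The CSV layout, the sample flows and
the thresholds are assumptions made for the illustration.
"""
import csv
import io
from collections import defaultdict

# Hosts in this prefix are treated as "inside" the monitored network (assumption).
INTERNAL_PREFIX = "10."

# Constructed sample: one well-behaved host (10.0.0.5), one host sweeping
# eight ports on a single external target (10.0.0.9), and one host pushing
# 60 MB out to a single external address (10.0.0.12).
SAMPLE_FLOWS = """\
ts,src,dst,dport,proto,bytes
1,10.0.0.5,198.51.100.7,443,tcp,1200
2,10.0.0.5,198.51.100.7,443,tcp,980
3,10.0.0.9,203.0.113.4,21,tcp,60
3,10.0.0.9,203.0.113.4,22,tcp,60
3,10.0.0.9,203.0.113.4,23,tcp,60
3,10.0.0.9,203.0.113.4,25,tcp,60
3,10.0.0.9,203.0.113.4,80,tcp,60
3,10.0.0.9,203.0.113.4,110,tcp,60
3,10.0.0.9,203.0.113.4,139,tcp,60
3,10.0.0.9,203.0.113.4,445,tcp,60
4,10.0.0.12,198.51.100.200,443,tcp,20000000
5,10.0.0.12,198.51.100.200,443,tcp,20000000
6,10.0.0.12,198.51.100.200,443,tcp,20000000
7,10.0.0.5,10.0.0.1,53,udp,80
"""


def parse_flows(text):
    """Parse CSV flow records into dicts with typed numeric fields."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        flows.append({
            "ts": int(row["ts"]),
            "src": row["src"],
            "dst": row["dst"],
            "dport": int(row["dport"]),
            "proto": row["proto"],
            "bytes": int(row["bytes"]),
        })
    return flows


def is_internal(addr):
    return addr.startswith(INTERNAL_PREFIX)


def triage(flows, scan_threshold=8, exfil_threshold=50_000_000):
    """Flag internal hosts whose outbound flow metadata looks suspicious.

    Two checks that need no payload at all:
      * "scan":  one source touching many distinct (destination, port) pairs
      * "exfil": one source sending an unusually large byte volume outward
    Returns a list of (src, finding, measure) tuples ordered by source.
    """
    outbound = defaultdict(list)
    for f in flows:
        # Only internal -> external traffic matters for these two checks.
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            outbound[f["src"]].append(f)

    findings = []
    for src in sorted(outbound):
        fs = outbound[src]
        targets = {(f["dst"], f["dport"]) for f in fs}
        total_bytes = sum(f["bytes"] for f in fs)
        if len(targets) >= scan_threshold:
            findings.append((src, "scan", len(targets)))
        if total_bytes >= exfil_threshold:
            findings.append((src, "exfil", total_bytes))
    return findings


def run_sample():
    """Run the triage over the constructed sample and return the findings."""
    return triage(parse_flows(SAMPLE_FLOWS))


if __name__ == "__main__":
    for src, kind, measure in run_sample():
        print(f"{src}: {kind} ({measure})")
```

Everything above works from headers and counters; nothing in a flow record says what the bytes contained. That is the gap a signature-based intrusion detection system such as Einstein 2 fills, and it is why the two systems complement rather than replace each other. In practice the thresholds would be tuned per host role and against a baseline of normal traffic rather than fixed constants.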

DHS is responsible for monitoring the .gov domain for potential threats and works with several non-federal partners in various network security programs. While the effort is primarily focused on federal networks, DHS is now branching out to deploy Einstein on civilian and state networks through partnership programs run by DHS's United States Computer Emergency Readiness Team (US-CERT).

Philip Reitinger, Deputy Under Secretary of DHS's National Protection and Programs Directorate, has said that a third version of Einstein, with more advanced technology, is envisioned as an intrusion prevention system across civilian networks and systems. The additional surveillance and intrusion response capability would give the government better situational awareness with which to protect the public, according to Mr. Reitinger.

In addition to Einstein 3, DHS has a variety of other initiatives under way to enhance the cyber security of federal and civilian networks, including:

  • Consolidating agencies’ external Internet connections to reduce the number of entry points for potential outside threats
  • Developing a supply chain risk management framework to address security threats and vulnerabilities that could be introduced into hardware and software acquired by federal agencies
  • Establishing the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) facility, to synchronize incident response activities related to attacks on the control systems that operate the Nation's critical infrastructure
  • Initiating an information-sharing pilot working with the Financial Services Information Sharing and Analysis Center to enhance threat information sharing with the financial services sector

So what we learn from the DHS programs is that a solid network security plan will include: (1) a network security system that monitors traffic, detects intrusions and, where possible, prevents them; (2) a strategy for reducing the attack surface (external connections, network nodes, rogue devices, and the number of different software packages in use by end users); and (3) collaboration with trusted security partners to share incident response and threat information.