DHS’ United States Computer Emergency Readiness Team (US-CERT), developer of the EINSTEIN 3A intrusion detection and prevention system
In the aftermath of the OPM hack, which compromised the personal information of over 22 million people, and the subsequent resignation of OPM Director Katherine Archuleta, the Federal Government undertook a 30-day initiative to shore up its cybersecurity. Federal Chief Information Officer (CIO) Tony Scott explained that federal-civilian agencies would increase their use of multistep verification, decrease the number of privileged users that have access to sensitive information, and patch known vulnerabilities (Boyd, 2015). After 30 days, all federal agencies will report their progress in implementing the added security features to OMB and DHS. Since the start of the sprint, CIO Scott announced, federal agencies have increased their use of two-factor verification by 20% overall, with select agencies implementing 100% two-factor verification for privileged users. With the assistance of DHS, federal agencies have patched more than 60% of known cyber vulnerabilities since May this year, according to DHS Director Jeh Johnson.
In an op-ed in Politico, “Federal Cybersecurity Needs Improvement,” Director Johnson revealed that many of the new cybersecurity procedures being enacted under the cyber sprint are part of a much larger government strategy to tackle cybersecurity. DHS’ National Cybersecurity and Communications Integration Center (NCCIC) will perform a critical information sharing and coordination role in future federal incident response. Johnson stated that NCCIC is also responsible for the management of EINSTEIN, an advanced intrusion detection and prevention system. The latest version, EINSTEIN 3A, is deployed by 15 federal agencies covering roughly 45% of all federal-civilian employees; DHS plans to assist in the deployment of EINSTEIN 3A across all federal agencies by the end of the fiscal year. The government has also permitted EINSTEIN’s providers, AT&T, CenturyLink, and Verizon, to market the software to private sector firms:
“The EINSTEIN technology is marketed under the brand name of Enhanced Cybersecurity Services, or ECS…More businesses are willing to accept the U.S. government’s help, after learning parts of their own workforces have been caught up in cyber espionage campaigns. Recent data breaches at health insurers, including Anthem, have been tied to the Chinese military, as has the OPM attack….After the OPM discoveries, there has ‘been an exponential increase’ in companies inking agreements with CenturyLink to roll out the commercial rendition of EINSTEIN” – Sternstein, 2015
As the federal government seeks to revamp its cybersecurity procedures, federal contractors will face greater scrutiny over how they safeguard sensitive information. Federal investigators determined that the credentials used to gain access to OPM’s network were from KeyPoint systems, a contractor providing background check services to OPM. Cybersecurity firms have previously voiced concern over the current lack of cybersecurity measures instituted by defense contractors.
- Contractor breach gave hackers keys to OPM data, Aaron Boyd, 2015.
- Home Depot Has Better Cyber Security Than 25 US Defense Contractors, Aliya Sternstein, 2015.
- Suddenly, Everyone Wants the NSA’s Cyber Defense Tech, Aliya Sternstein, 2015.
- Feds on ’30-day sprint’ to better cybersecurity, Aaron Boyd, 2015.
- Cyber sprint increases use of two-factor authentication, Aaron Boyd, 2015.
- White House touts ‘cyber sprint’ successes, Cory Bennett, 2015.
- White House sprints to patch security flaws, Cory Bennett, 2015.
- Federal Cybersecurity Needs Improvement, Jeh Johnson, 2015.