Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

DHS use of deep packet inspection technology in new net security system raises serious privacy questions

Ellen Messmer | April 25, 2013
Department of Homeland Security is preparing to deploy a much more powerful version of its EINSTEIN intrusion-detection system that can capture e-mail content and personally identifiable data

Other recent public information also suggests whats occurred behind the scenes with EINSTEIN.

The U.S. General Accountability Office (GAO)  report titled Cybersecurity: National Strategy, Roles and Responsibilities Need to Be Better Defined and More Effectively Implemented, which was published in February of this year, says that  53 federal agencies are now using EINSTEIN 2 intrusion-detection sensors. It didnt state which ones.

The GAOs cybersecurity report says the EINSTEIN 2 project involved deploying sensors to inspect Internet traffic entering federal systems for unauthorized accesses and malicious content. EINSTEIN 3s goal is to identify and characterize malicious network traffic to enhance cybersecurity analysis, situational awareness, and security response.

According to the GAO report, DHS staff have also stated that the department is incorporating an EINSTEIN 3 accelerated (E3A) strategy that allows for accelerated deployment of intrusion-prevention services through an ISP-based managed security service.

According to DHS, the E3A approach represents a shift from DHSs previous partnership with the National Security Agency for implementation of National Security Agency-developed intrusion technology to a partnership between DHS and commercial providers for the utilization of commercial intrusion-prevention technologies, the GAO report states. But its not disclosed which ISPs or commercial providers are partnering on EINSTEIN 3.

The GAO report says the EINSTEIN program so far has helped DHS improve situational awareness of activity across the federal government, as  DHS developed performance measures to monitor and track agency responses to EINSTEIN alerts. For example, DHS is said to track when an agency respond to an alert, and the length of time of each alert.

However, the GAO report indicated DHS has a long way to go to have a fully effective IDS/IPS in EINSTEIN.

DHS stated that while it has made progress in developing its predictive analysis through the EINSTEIN program, it remains challenged in fully developing this capability, the GAO report said. DHS plans to test tools for predictive analysis across federal agencies and private networks and systems by the first quarter of fiscal year 2013.

The GAO report of February 2013 points out that in 2010, the DHS inspector general reported that the tools US-CERT used did not allow for real-time analyses of network traffic. The inspector general recommended that DHS establish a capability to share real-time EINSTEIN information with federal agency partners to assist them in the analyses of network traffic. The inspector general recommended that DHS establish a capability to share real-time EINSTEIN information with federal agency partners to assist them in the analysis and mitigation of incidents.

According to the GAO, in response to the inspector general report, DHS stated that while it plans to upgrade its capabilities to share real-time information with multiple stakeholders and better analyze cyber incidents,these capabilities are not expected to be fully operational until fiscal year 2018.

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.