Monday, February 1, 2016

Week 8 - DHS's Einstein Security System Has Limited Capabilities: Audit

The United States government plans on spending $5.7 billion by 2018 on a program called the National Cybersecurity Protection System (NCPS), also known as the Einstein program. It was launched in 2003 with the initial objective of helping DHS detect intrusions in the networks of federal agencies.

The latest version of the NCPS, Einstein 3 Accelerated, is designed to deliver a wider range of capabilities, including intrusion detection and prevention, analytics, and information sharing.  DHS has already spent $1.2 billion through fiscal year 2014.

Despite the time and money put into the program, an audit conducted by the Government Accountability Office (GAO) found that it only partially meets its objectives and not all federal agencies leverage its capabilities.

Its capabilities are limited because the system only compares traffic to known patterns or signatures and does not detect deviations from normal behavior. It also does not monitor all types of traffic, and commonly exploited vulnerabilities are not covered by its signature database. In addition, the NCPS can block malicious email, but it cannot block malicious web traffic. DHS plans on implementing this capability in 2016 as well as enhancing its analytics capabilities.

Only 5 of the 23 agencies that were required to route their traffic through the NCPS benefited from intrusion prevention services.

I think it's a little ridiculous for the Government to have spent this much time and money on a program that produces these types of capabilities. We may never know the details as to why they've taken this long and spent this much money, but from the outside looking in, this is unacceptable.

The program started in 2003. If capabilities had been fully developed then, would it have prevented the OPM, IRS, and Postal Service hacks? Maybe those recent hacks prompted the Government to kick it up a notch and pump more money into the program to develop it to its fullest potential. We can only hope they get it right this time and prevent future attacks.

Reference:
http://www.securityweek.com/dhss-einstein-security-system-has-limited-capabilities-audit
