By Emelie Rutherford

A future version of the Einstein cyber-assault-monitoring system that may be able to “shoot down” attacks on federal government computers will be tested in the coming months, the outgoing Department of Homeland Security secretary said yesterday.

DHS is deploying a second iteration of its Einstein cyber-assault-monitoring system, which, unlike the first version, can conduct real-time detection, and is working on a third version that also could block malicious network activity, Director Michael Chertoff said at the end of a cyber-security wargame in Washington.

“We’re going to begin a live exercise of Einstein 3.0, I think, within the next six months, probably sooner rather than later,” Chertoff told the gathering of government and business officials.

The current Einstein 1.0 program, developed by the United States Computer Emergency Readiness Team (US-CERT) for government departments and agencies’ computers, only allows post-attack analysis.

“We (will) go from the ability to do forensics after an attack and determine that we had an attack and take remedial measures, to a real-time capability to detect in order to warn in real time, and ultimately the ability to detect and block in real time, which is the ability essentially to shoot down the enemy before the enemy reaches its target,” Chertoff said.

“As you consider what we face in the civilian domain, you realize only if we take these steps can we begin to move out of our current system, where we are hostages to the weakest link in the network, into a system where we have a high confidence level that we can monitor what comes into federal domains and make sure we can stop a problem before it actually comes to fruition,” he said.

Chertoff called the initial Einstein program “CSI Miami on the Internet.” After cyber invasions hit government computers, officials can use the program to learn what happened and how to remediate it.

“That’s not the best way to deal with this,” he said. Thus, DHS now is deploying Einstein 2.0 within the department, while also “looking into deploying it in other places around the government,” he said.

Einstein 2.0, he said, “detects in real time using certain capabilities to look at either the characteristics of the flow or some of what might be in the packets, in order to see malicious code as it’s coming into the network.”

But because this setup doesn’t allow for more than warnings, DHS is experimenting with Einstein 3.0, which it is “looking to deploy, at least in test mode,” Chertoff said.

“That equips the radar essentially with an anti-missile, or an anti-malware, defense that actually enables us to stop it, which, of course, is the desired end-state,” Chertoff said.

The outgoing DHS director did not himself participate in the wargame. Called the Cyber Strategic Inquiry, it was hosted by the Booz Allen Hamilton consulting firm and the Business Executives for National Security group at the Ronald Reagan Building and International Trade Center. For the two-day activity, 230 government and business participants broke into stakeholder teams that represented the government, including the Defense Department, as well as business and civil society. Participants reacted to simulated cyber attacks.

“I think the biggest issue is, this is not something the government can do for us, we’re all in the game,” Booz Allen Senior Vice President Mark Gerencser said after the wargame. “Industry can no longer outsource this to the government and say, ‘Keep me protected.’…We’ve got to get industry to play. Industry has to elevate the security issue to a strategic level.”