In what I believe is a surprise move for the Obama administration, Department of Homeland Security Secretary Jeh Johnson conceded to lawmakers last week that the US government is failing to adequately protect its IT assets from compromise:
“There is a great deal that has been done and is being done now to secure our networks,” Johnson said, according to prepared testimony. “There is more to do.”
The DHS “Einstein” program, the government’s main defense against cyberattackers, has drawn great scrutiny in the wake of the breach.
The Einstein system is intended to monitor the government’s networks and repel malicious actors, like those that cracked the OPM system.
But it is being knocked as outdated before it is even fully implemented.
While certain components of Einstein are in place, Einstein 3 Accelerated — or E3A — which both identifies and blocks known nefarious digital actors, only protects about 45 percent of the federal civilian government, Johnson said.
The agency head committed to making the program fully available by the end of 2015.
But even Einstein advocates admit the program is not sufficient. It lacks an ability to suss out hackers the government hasn’t previously encountered. That’s how the OPM hackers were not only able to sneak in, but roam around the network undetected for a full year.
E3A is a building block, Johnson insisted.
The program, he said, “is also a platform for future technologies and capabilities to do more. This includes technology that will automatically identify suspicious Internet traffic for further inspection, even if, as was the case with the OPM breach, we did not already know about the particular cybersecurity threat.”
Johnson also argued the DHS will offset these shortcomings with a “Continuous Diagnostics and Mitigation,” or CDM, program. CDM searches for digital intruders after they have already broken into the network.