DHS head defends cyber defenses after critical watchdog report

Greg Nash

Homeland Security Secretary Jeh Johnson over the weekend defended the government’s main cyber defense system after a government audit knocked the $6 billion technology as falling far short of its expectations.

Johnson said the so-called “Einstein” program has considerably improved the government’s ability to detect hackers.

“Einstein has in fact proven invaluable to identify significant incidents,” he said in a statement.

But the Department of Homeland Security (DHS) head also cautioned that Einstein is still in its final stages of implementation, and even then is not meant to be “a silver bullet.”

“It does not stop all attacks, nor is it intended to do so,” he said. “It is part of a broader array of defenses.”  

Johnson was responding to a recent audit from the Government Accountability Office (GAO) that concluded Einstein was largely ineffective at thwarting hackers. The report echoed long-standing criticism from security experts who describe the program as a much-delayed boondoggle that is already outdated.

“While [Einstein’s] ability to detect and prevent intrusions, analyze network data, and share information is useful, its capabilities are limited,” the report said.

The GAO explained that the program, officially known as the National Cybersecurity Protection System (NCPS), mostly scans government networks for known hacking threats. It is unable to search for odd network traffic behavior that security experts say is how advanced software detects more sophisticated digital assailants.

Einstein, the report said, “cannot detect anomalies in certain types of traffic.”

The GAO findings also dinged the DHS for its “manual and largely ad hoc” approach to sharing cyber threats with other agencies, and for not having proper metrics to track Einstein’s success.

“Until [Einstein’s] intended capabilities are more fully developed, DHS will be hampered in its abilities to provide effective cybersecurity-related support to federal agencies,” the GAO said.

Johnson did not dispute the GAO’s findings. But he did stress that Einstein has been rolled out in several phases. Each step has advanced the government’s ability to defend its networks from cyberattacks, he said.

After several years, the first two phases of Einstein are now fully deployed across the entire government, Johnson explained, allowing officials to “detect cybersecurity threats.”

The final phase of Einstein — Einstein 3A  — will soon give the program some of the capabilities that the GAO says it lacks, Johnson explained.

Einstein 3A “has the ability to actively block — not just detect — potential cyber attacks,” he said.

The DHS head also noted that his agency has dramatically sped up the 3A rollout in the wake of last summer’s massive hacks at the Office of Personnel Management (OPM), which comprised over 20 million people’s sensitive data.

Einstein is now protecting half of the government, up from 20 percent a year ago, Johnson said.

When the final stage is complete, Einstein will become “a platform for new technologies to protect the government,” he said.

That will allow the government to integrate technologies that can search for traffic anomalies and “detect never-before seen attacks,” Johnson added.

Congress has also approved legislation that backers say will help strengthen Einstein and address the GAO's concerns.

The so-called Federal Cybersecurity Enhancement Act was passed late last year as part of Congress's major cybersecurity bill that was signed into law in December.

The measure officially authorized Einstein for the first time, and ordered an accelerated rollout of its final phase.

The bill also enhances Einstein oversight and requires the DHS to integrate leading private-sector technology with Einstein, an attempt to address the criticisms that Einstein is behind the times.

"This measure addresses several of the concerns raised by the recent Government Accountability Office report," said Sen. Tom CarperTom CarperYahoo hack spurs push for legislation Election-year politics: Senate Dems shun GOP vulnerables Overnight Healthcare: McConnell unveils new Zika package | Manchin defends daughter on EpiPens | Bill includes M for opioid crisis MORE (D-Del.), who originally introduced the bill with Sen. Ron JohnsonRon JohnsonGOP plan: Link Dems to an email scandal GOP senator: Dems making ‘concerted effort to produce fraudulent votes’ Club for Growth: Anti-Trump spending proved to be 'good call' MORE (R-Wis.), in a Monday statement. "In order to be successful, however, the administration must make Einstein's implementation across the federal government a top priority." 

— Updated 5:57 p.m.