White House defends Einstein firewall
A Government Accountability Office audit found flaws in the Einstein intrusion-detection system, but White House cybersecurity coordinator Michael Daniel defended the program.
Michael Daniel defended the multibillion-dollar Einstein program and said, "It's not something that we can walk away from."
Obama administration officials are defending the multibillion-dollar intrusion-detection program known as Einstein after a Government Accountability Office audit found it far from sufficient for federal cyber defense.
"I still find Einstein to be a very credible and solid piece of our defenses, and...it's not something that we can walk away from," Michael Daniel, President Barack Obama's top cybersecurity adviser, told reporters on Feb. 11.
The federal government operates an "incredible array of legacy systems that if we were in the private sector we would probably just write off," Daniel said at the New America think tank in Washington. "But the government can't just do that," he added while defending the need for the signature-based threat-detection program that is now in its third iteration.
The GAO report found that Einstein provides a "limited ability to detect potentially malicious activity entering and exiting computer networks at federal agencies." Furthermore, the program "does not monitor several types of network traffic, and its 'signatures' do not address threats that exploit many common security vulnerabilities and thus may be less effective."
Daniel would not comment when asked if he agreed with GAO's findings.
Phyllis Schneck, the Department of Homeland Security's deputy undersecretary for cybersecurity and communications, said Einstein draws on classified information to block intrusions, which gives the system an advantage over private-sector programs.
When she joined DHS from McAfee in 2013, she said set about studying the Einstein program and concluded that its underlying technology was sound but older than officials had assumed.
Nonetheless, the program's comprehensive view of inbound and outbound traffic at civilian agencies is vital because of the situational awareness it provides, Schneck said.
After the massive breach of Office of Personnel Management systems exposed the personal information of some 22 million people, administration officials touted Einstein as part of what they said was their proactive approach to cybersecurity.
In July 2015, DHS Secretary Jeh Johnson ordered the acceleration of Einstein's deployment at agencies. In a statement responding to GAO's new report on Einstein, he said the program's third iteration -- Einstein 3a -- is now available to "100 percent of the government" and has blocked more than 700,000 cyberthreats.
A confidential report by DHS and the FBI on lessons learned from the OPM hack advises that moving beyond a signature-based threat-detection system would increase an agency's ability to cope with sophisticated threats.
Administration officials have long emphasized that Einstein is only a tool and not a panacea. The program is part of much larger defense-in-depth strategy at federal agencies, Schneck said.