A secret federal audit substantiates a Senate committee’s concerns about underuse of a governmentwide cyberthreat surveillance tool, the panel’s chairman says.
The intrusion-prevention system, named EINSTEIN 3 Accelerated, garnered both ridicule and praise following a hack of 21.5 million records on national security employees and their relatives. The scanning tool failed to block the attack, on an Office of Personnel Management network, because it can only detect malicious activity that people have seen before.
At OPM, the attackers, believed to be well-resourced Chinese cyber sleuths, used malware that security researchers and U.S. spies had never witnessed.
Still, EINSTEIN came in handy, according to U.S. officials, after the OPM malware was identified through other monitoring tools. The Department of Homeland Security loaded EINSTEIN with the “indicators” of the attack pattern so it could scan for matching footprints on other government networks.
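To make concrete what the two paragraphs above describe, here is an added example (not code from the article, DHS or the EINSTEIN program) of a minimal indicator-matching scanner. It only flags an event whose file hash or destination domain matches a known indicator, so traffic from unseen malware passes until its indicators are obtained elsewhere and loaded, at which point the same scan finds matching footprints on other networks. Every hash, domain, host name and event below is a constructed placeholder, not a real indicator.

```python
"""
Added illustration of indicator-based (signature) scanning.
All indicators, hashes, domains and events are constructed placeholders.
"""
from dataclasses import dataclass, field


@dataclass
class IndicatorSet:
    """Known-bad file hashes and domains, normalised to lower case."""
    file_hashes: set = field(default_factory=set)
    domains: set = field(default_factory=set)

    def add(self, file_hashes=(), domains=()):
        self.file_hashes.update(h.lower() for h in file_hashes)
        self.domains.update(d.lower() for d in domains)


def scan(events, indicators):
    """Return (host, reasons) for every event matching a known indicator.

    Each event is a dict with 'host', 'sha256' and 'dst_domain' keys.
    An event whose hash and domain are both unknown is never flagged:
    this is exactly the limitation the article describes.
    """
    hits = []
    for ev in events:
        reasons = []
        if ev.get("sha256", "").lower() in indicators.file_hashes:
            reasons.append("hash")
        if ev.get("dst_domain", "").lower() in indicators.domains:
            reasons.append("domain")
        if reasons:
            hits.append((ev["host"], reasons))
    return hits


# Constructed sample telemetry from two hypothetical agencies.
KNOWN_BAD_HASH = "a" * 64   # placeholder: an already-published indicator
NOVEL_HASH = "b" * 64       # placeholder: malware nobody has catalogued yet
EVENTS = [
    {"host": "agency-a-ws01", "sha256": KNOWN_BAD_HASH, "dst_domain": "update.example.net"},
    {"host": "agency-a-ws02", "sha256": NOVEL_HASH, "dst_domain": "cdn.example.org"},
    {"host": "agency-b-ws07", "sha256": NOVEL_HASH, "dst_domain": "cdn.example.org"},
]


def before_and_after():
    """Scan once with the old indicator list, then again after the
    novel attack's indicators have been identified and loaded."""
    ind = IndicatorSet()
    ind.add(file_hashes=[KNOWN_BAD_HASH])
    before = scan(EVENTS, ind)          # the novel malware is missed
    ind.add(file_hashes=[NOVEL_HASH], domains=["cdn.example.org"])
    after = scan(EVENTS, ind)           # now found on both agencies' hosts
    return before, after


if __name__ == "__main__":
    before, after = before_and_after()
    print("before indicators loaded:", before)
    print("after indicators loaded: ", after)
```

The first scan reports only the host carrying the previously published hash; the two hosts running the novel sample, one of them at a different agency, are invisible until the second `add` call. That second scan is the "load the indicators and look for matching footprints elsewhere" step, and it is also why coverage matters: a network that does not feed the scanner cannot be checked even after the indicators exist.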
But it has been a challenge to really gauge EINSTEIN’s smarts, when less than half of the civilian government is using the technology. Some agencies are reluctant to share citizen data in their custody with DHS, the operator of EINSTEIN.
The Senate Homeland Security and Governmental Affairs Committee wants all agency networks to be monitored by EINSTEIN to prevent another nation-state attack.
And they say a classified Government Accountability Office report proves agencies still are not on board with the program, even after data breaches over the past two years at the departments of Interior and Energy, the U.S. Postal Service, the White House, background check providers and a list of other government offices too…