Highlights
– Cyber intrusion-detection system (IDS) to improve cyber-security for nearly six hundred federal agencies
– Increases in cyber attacks heighten the urgency of detecting and defending against a multitude of cyber threats
– Einstein boxes could decrease the number of attacks reaching the network perimeter of federal agencies
United States (US) telecommunications carriers are deploying intrusion-detection systems dubbed Einstein boxes on their networks to strengthen the security of federal computer networks. Developed by the Department of Homeland Security (DHS), Einstein is an early warning system designed to detect worms and other malicious code entering federal networks. The move is part of the federal government’s Trusted Internet Connections (TIC) Initiative, which aims to strengthen vulnerable federal Internet access points with a standard suite of managed security services.
The initiative will likely help federal agencies combat the growing number of hacker attacks and malicious e-mail attachments targeting information technology (IT) security systems. The real-time nature of the system will allow security professionals monitoring agencies' Internet Protocol (IP) traffic to detect known pre-attack techniques used by hackers and block their connections before they can discover exploitable vulnerabilities.
Providing Managed Security Services
Nearly all of the major US telecommunications carriers will be providing federal agencies with what the US General Services Administration (GSA) calls Managed Trusted Internet Protocol Services (MTIPS). The administration is awarding the MTIPS contracts through its massive Networx program, a 10-year, $20 billion federal telecom deal.
The outsourcing of IT network security services to the carriers is hailed as a cost-effective measure by some government officials and the companies providing the services. Nevertheless, relying solely on the carriers to provide network security could instill false confidence in safety, leaving agencies more vulnerable to network security challenges. Any security vulnerabilities found in the Einstein software could leave federal agencies open to increased risk if the agency's own security infrastructure does not stop the cyber attack or malicious e-mail.
Cyber Security Attacks Increasing
The US Computer Emergency Readiness Team (US-CERT) reported that federal agencies documented 18,050 cyber-security attacks in fiscal 2008, a three-fold increase from 2006. According to the director of US-CERT, the number of cyber incidents targeting agencies has risen steadily since 2006, partially because hackers have greater access to malicious software and agencies have improved their incident detection and reporting.
Recent reports highlight the vulnerabilities of federal civilian and military networks.
• On April 7, 2009, the US Strategic Command claimed the Department of Defense has spent over US$100 million over the past six months reacting to cyber-security incidents.
• On April 21, 2009, the Wall Street Journal reported that computer hackers had broken into computer systems storing data on the Pentagon's US$300 Joint Strike Fighter project. The hackers stole several terabytes of data related to design and electronic systems. News of the breach alarmed members of Congress, prompting a letter to Defense Secretary Robert Gates from the heads of the House Oversight and Government Reform Committee last week requesting a briefing on the cyber-theft.
• In February 2009, the Federal Aviation Administration reported that hackers had breached one of its servers and stolen 48 files, two of which contained information on 45,000 current and former FAA employees.
Outlook
Version 3 of Einstein is currently under development, with deployment expected over the remainder of the year. A representative from Qwest stated that its hardware will be installed and tested by July 2009 and the company will be providing services to the federal government by October 2009.
Implementing IT security and defense for federal agencies at the carrier’s point of presence will help decrease the number of attacks and malicious e-mail attachments reaching the network perimeter of federal agencies. The new Einstein deployments will automate the process for collecting, correlating, analyzing, and sharing computer security information across the federal civilian government and will aid in detecting and preventing ongoing attacks against agencies.