Homeland Security Secretary Jeh Johnson has said cybersecurity is a top priority for the department — right alongside counterterrorism. So, after news outlets reported on a recent critical review from the Government Accountability Office, Johnson released a statement defending the department's premiere cybersecurity tool: Einstein.
Agency and program managers are required to comment on GAO and inspector general reports but it is rare to have a secretary release a statement in response to an individual report.
Johnson did not dispute any of GAO's claims. Rather, he pointed to the program's successes (which were also noted in the report) and where it is headed in the near- and long-term.
"The first two phases of the Einstein program have been deployed across all federal civilian departments and agencies," he said. "This now allows us to detect cybersecurity threats and Einstein has in fact proven invaluable to identify significant incidents."
The third phase — dubbed Einstein 3 Accelerated, or E3A — by blocking malicious traffic. Though, as both GAO and Johnson note, the system can only block known threat vectors. Even so, the secretary said E3A has blocked some 700,000 attacks to-date and is available to all government agencies.
Johnson said DHS is working to improve the system, as well, with the goal of eventually block 0-day threats, as well as known attacks.
"Einstein also provides a platform for new technologies to protect the government," he said. "I have therefore directed our team to research and build capabilities that will allow us to detect never-before-seen attacks, leveraging the best of government and private sector technology and expertise."
The department has awarded a number of contracts recently to boost Einstein, including bringing in the major Internet service providers to wrangle malicious traffic early and awarding a $1 billion, five-year contract to develop new capabilities.
"The Einstein system is not a silver bullet," Johnson said. "It does not stop all attacks, nor is it intended to do so. It is part of a broader array of defenses."
Aaron Boyd is an awarding-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.