Pierluigi Paganini June 09, 2015

After 4M records may have been stolen and Chinese hackers are the prime suspects, the US Govrecognizes the usefulness of the DHS EINSTEIN defense system.

After 4 million records may have been stolen and Asia-based hackers are the prime suspects, the government recognizes the usefulness of the DHS EINSTEIN defense system. At this time, the diagnostic of the EINSTEIN system is critical, considering the limitations to detect or protect against new threats. This particular problem is related to scalability and maintainability of legacy systems to the defense industry.

EINSTEIN system is characterized for many versions, starting with Einstein 2 –E2 and today, Einstein 3 –E3 is the most updated version of US defense system. EINSTEIN 3 (E3) is recognized as a system that manages highly classified data. Nonetheless, today the Office of Personnel Management (OPM) is requiring a prompt installation of Einstein 3 in civilian agencies for the period 2016 – 2018. US-CERT has deployed the capabilities of E3 since the beginning of 2015, in order to detect potential intrusions which occurred in April 2015, and officially had been compromised to OPM data in May 2015.

Analyzing the limitations of EINSTEIN 3, there is a problem of systems integration between DHS and US-CERT, governmental agencies, interagency partners and the private sector. Therefore, E3 must include in the current version, new updates, such as a sandboxing to prevent cyber-attacks using unknown malware.

Michael Brown, who contributed to the implementation of the Einstein technology in 2012 at the Department of Homeland Security, considered important to enhance visibility inside of networks and capabilities of different defense systems and programs, including E3.

“A recent Search-Security survey found that only 52% of respondents believed that signature-based defenses were “effective against the majority of today’s malware.” Reported by TechTarget

The continuous cyber-attacks and exponential cyber-intrusions to the infrastructures of government and important targets in the industry; represents an opportunity for different actors and atmospheres to react with possible development and implementation of cyber-weapons.

There is a new challenge for Einstein 3 with the five major Internet service providers in US –CenturyLink Inc., Level 3 Communications Inc., Sprint Corp, AT&T Inc. and Verizon Communications. Thus, E3 must guarantee visibility to detect cyber risks inside ISP’s networks.

In fact, the US Defense sector urges to get new alliances with Internet Companies towards to perform the best strategies to harmonize cyber threats and materialization of cyber-attacks.

“Banks and technology companies will need to buy cutting-edge technologies that can detect intruders inside networks and eject them quickly, before the data is gone.” Reported by Conservative Read

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]