After 4 million records may have been stolen and Asia-based hackers are the prime suspects, the government recognizes the usefulness of the DHS EINSTEIN defense system. At this time, the diagnostic of the EINSTEIN system is critical, considering the limitations to detect or protect against new threats. This particular problem is related to scalability and maintainability of legacy systems to the defense industry.
EINSTEIN system is characterized for many versions, starting with Einstein 2 –E2 and today, Einstein 3 –E3 is the most updated version of US defense system. EINSTEIN 3 (E3) is recognized as a system that manages highly classified data. Nonetheless, today the Office of Personnel Management (OPM) is requiring a prompt installation of Einstein 3 in civilian agencies for the period 2016 – 2018. US-CERT has deployed the capabilities of E3 since the beginning of 2015, in order to detect potential intrusions which occurred in April 2015, and officially had been compromised to OPM data in May 2015.
Analyzing the limitations of EINSTEIN 3, there is a problem of systems integration between DHS and US-CERT, governmental agencies, interagency partners and the private sector. Therefore, E3 must include in the current version, new updates, such as a sandboxing to prevent cyber-attacks using unknown malware.
Michael Brown, who contributed to the implementation of the Einstein technology in 2012 at the Department of Homeland Security, considered important to enhance visibility inside of networks and capabilities of different defense systems and programs, including E3.
“A recent Search-Security survey found that only 52% of respondents believed that signature-based defenses were “effective against the majority of today’s malware.” Reported by TechTarget
The continuous cyber-attacks and exponential cyber-intrusions to the infrastructures of government and important targets in the industry; represents an opportunity for different actors and atmospheres to react with possible development and implementation of cyber-weapons.
There is a new challenge for Einstein 3 with the five major Internet service providers in US –CenturyLink Inc., Level 3 Communications Inc., Sprint Corp, AT&T Inc. and Verizon Communications. Thus, E3 must guarantee visibility to detect cyber risks inside ISP’s networks.
In fact, the US Defense sector urges to get new alliances with Internet Companies towards to perform the best strategies to harmonize cyber threats and materialization of cyber-attacks.
“Banks and technology companies will need to buy cutting-edge technologies that can detect intruders inside networks and eject them quickly, before the data is gone.” Reported by Conservative Read
About the Author Francisco Javier Delgado Villarreal
Francisco Javier Delgado Villarreal is a Junior Business Continuity, Cybersecurity and Internet Governance Consultant. His professional experience in Information and Communication Technologies has been developed since 2009 in different arenas, such as International Organizations, Governments and private sector in Ecuador and abroad.
(Security Affairs – Einstein , defense)