Einstein Program - GovITwiki


Einstein Program

From GovITwiki


The Einstein program is designed for intelligence-sharing through US-CERT. It provides incident information collection and situational awareness tools at selected federal agencies. The Einstein program provides an automated process for collecting, correlating, analyzing, and sharing computer security information across the federal civilian government.

For about three years, Einstein has been monitoring the network gateways of only those agencies that have agreed to participate in the program. The system looks for traffic patterns that show evidence of computer worms or other suspicious traffic. By compiling information summaries on the traffic and sharing them across multiple systems, the Einstein program gives US-CERT analysts and agency IT security officers a broad view of malicious activity on government networks.

The system also allows US-CERT’s security monitors to view Einstein data and correlate multi-agency security events. Organizations that participate have access to a secure Web portal where they can review information about traffic on their own network gateways.

The Einstein program is not meant to replace an agency's own security filtering or intrusion-detection systems. What it does do is provide round-the-clock monitoring, which enables agencies to be aware of activity in other parts of the connected federal networks, especially when it has an impact on their own systems.

It's currently deployed to nine federal agencies; US-CERT plans to deploy Einstein to an additional 10 to 15 agencies in fiscal year 2008, with a goal of deploying it to all cabinet-level and critical independent federal agencies. According to DHS officials, Einstein has greatly reduced the time for the federal government to gather and share critical data on computer security risks (from 5 to 7 days to 4 to 5 hours). Further, the officials stated that Einstein has the potential to reduce data collection and information sharing to under 2 hours, allowing for vast improvements in governmental cyber response and recovery times. If properly implemented and expanded as planned, DHS’s efforts in this program could strengthen its cyber threat analysis and warning capability. However, DHS has not yet fully implemented our original recommendations, particularly in implementing such a capability beyond the federal environment. [1]

Notes

[1] DHS seeks to expand information-sharing program, GovExec.com
