Homeland Security’s expensive – but highly flawed – cybersecurity firewall

(Cyberwar.news) For $6 billion, you’d think that the Department of Homeland Security would be able to purchase the best cybersecurity firewall in existence. But apparently that’s not the case, and maybe taxpayers were expecting too much from the same administration that spent more than $2 billion to build a [non-functioning] healthcare insurance exchange web site.

As reported by Defense One, the firewall – known as EINSTEIN – was meant to detect and thwart hack attacks by nation-states, but a new audit of the system found that it is wholly ineffective.

According to a sanitized version of the secret audit, the firewall is designed to pick up on attack patterns known as signatures in order to detect suspicious activity, but it doesn’t scan for some 94 percent of common vulnerabilities or check Web traffic for malware, as noted by the Government Accountability Office’s report posted online [PDF].

Those shortcomings are just a few of the many found by GAO during its EINSTEIN performance audit. Besides failure to detect, the system is only operational at five of the 23 major non-defense government agencies.

Defense One noted that the secret audit came at the request of Congress in November 2015. Lawmakers requesting the secret audit of EINSTEIN, formally known as the National Cybersecurity Protection System, or NCPS, believed it would turn up such discrepancies and also note that the system has yet to be deployed across the government.

“The newly released audit corroborates their views and points out other misaligned objectives and technologies in a $6 billion project DHS cannot say helps combat hackers, according to auditors,” Defense One reported.

“Until NCPS’ intended capabilities are more fully developed, DHS will be hampered in its abilities to provide effective cybersecurity-related support to federal agencies,” GAO director of information security issues, Gregory C. Wilshusen, and Nabajyoti Barkakati, director of the GAO Center for Technology and Engineering, said in the audit.

The GAO focused efforts on the departments of Veterans Affairs, Energy, General Services Administration, the Nuclear Regulatory Commission and the National Science Foundation.

“The overall intent of the system was to protect against nation-state level threat actors,” according to the audit; however, the system missed regular, advanced threats.

The audit further noted:

The capability of NCPS to prevent intrusions (e.g., blocking an e-mail determined to be malicious) is limited to the types of network traffic that it monitors. For example, the intrusion prevention function monitors and blocks e-mail. However, it does not address malicious content within web traffic, although DHS plans to deliver this capability in 2016.

In all, GAO recommended nine actions for DHS to take in order to make EINSTEIN more effective and have it perform as intended. The agency said its recommended actions would “enhance NCPS’s capabilities for meeting its objectives, better define requirements for future capabilities, and develop network routing guidance.”

Further, “DHS concurred with GAO’s recommendations,” the agency audit said.

The audit comes as federal systems have increasingly come under cyber attack from nation-states like North Korea, Iran and China. Also, the audit comes on the heels of news about foreign intrusion into public and private systems that control vital infrastructure like nuclear power and regular power plants, hydroelectric dams and water treatment plants.

Also, the Obama administration is still smarting over China’s alleged hack of the Office of Personnel Management, in which more than 21 million records and personal data on current and former government employees were compromised. Poor cybersecurity, traded for easier access, was at the center of the OPM hack, officials have said.

See also:

Bloomberg News

Defense One

Government Accountability Office [PDF]
