DHS To Pilot Enhanced Network Intrusion Prevention Technology

The Department of Homeland Security (DHS) will be partnering with a government agency and an internet service provider to trial an enhanced and upcoming version Einstein, a system used to help secure the networks of certain federal departments and agencies.According to a Privacy Impact Assessment (PIA) released (.PDF) last week by the DHS, the latest version of the system, known as Einstein 3, will not only identify potential attacks, as the previous versions did, but also block them. From the description in the PIA: "EINSTEIN 3, will draw on commercial technology and specialized government technology to conduct real-time full packet inspection and threat-based decision-making on network traffic entering or leaving these executive branch networks. The goal of EINSTEIN 3 is to identify and characterize malicious network traffic to enhance cybersecurity analysis, situational awareness and security response."

The pilot will use combinations of early versions of Einstein plus new intrusion prevention technologies, as well as technologies developed by the NSA. The pilot will demonstrate the viability of a commercial ISP and a government agency for the US-CERT to apply intrusion detection and prevention technology on that traffic.

Some of the threats the system aims to identify and possibly block are phishing attacks, IP spoofing, botnets, denials of service, distributed denials of service, man-in-the-middle attacks, and other types of malware.

The system will also help support more security data sharing:

"The EINSTEIN 3 system will also support enhanced information sharing by US-CERT with federal departments and agencies by giving DHS the ability to automate alerting of detected network intrusion attempts and, when deemed necessary by DHS, to send alerts that do not contain the content of communications to the NSA so that DHS efforts may be supported by NSA exercising its lawfully authorized missions."

Such deep analysts of network traffic by the government will certainly raise privacy concerns. Last summer, the Center for Democracy and Technology (CDT) issued a report that called on the government to release information about the role the NSA will have in building and running Einstein 3. The PIA on Einstein 3 may not answer all of the CDT's questions on privacy, but it's the most detailed information on Einstein 3 I've yet to be able to find.