Tag Archive for: einstein

Sens. Seek Info on Cyber Defenses and EINSTEIN Limitations – MeriTalk


In a letter to top Federal cybersecurity experts, Homeland Security and Governmental Affairs Chairman Sen. Gary Peters, D-Mich., and Sen. Rob Portman, R-Ohio, ranking member on the committee, are requesting information on how U.S. cyber defenses were unprepared for the recent SolarWinds Orion and Microsoft Exchange compromises and on the limitations of the EINSTEIN system.

“As our hearing highlighted, there is no easy solution to advanced persistent cyber threats,” the senators wrote. “Time and again this Committee has discussed the challenges of defending against sophisticated, well-resourced, and patient cyber adversaries. Nevertheless, the fact remains that despite significant investments in cyber defenses, the federal government did not initially detect this cyber-attack.”

Acting Director of the Cybersecurity and Infrastructure Security Agency (CISA) Brandon Wales and Federal CISO at the Office of Management and Budget (OMB) Chris DeRusha were each sent a letter. The two experts recently testified before the committee as part of its investigation into the hacks.

The hearing also highlighted limitations of the EINSTEIN intrusion detection and intrusion prevention system, which “sits on the perimeter of civilian Federal agencies’ computer networks.” With the authorization for the Department of Homeland Security to operate EINSTEIN lapsing on Dec. 18, 2022, the senators want to work with CISA on determining whether and how to reauthorize the program to address limitations.

“Mitigating vulnerabilities and reducing legacy information technology that serve as open doors to malicious hackers is also important,” the senators wrote. “So will be deterrence efforts that create real-world consequences for cyber-attacks against the United States — investigation, attribution, prosecution, and sanctions.”

They added that “at the national level, our cybersecurity strategy will require careful consideration of the appropriate role of the Federal government, companies, and citizens in cyber defense, especially when it comes to nation-state actors with near unlimited resources and time.”

In search of a smarter Einstein — GCN



Einstein is the Department of Homeland Security’s intrusion detection system. It observes traffic flowing in and out of federal networks, allowing the government to target threats identified by a database of known malware. That makes it unlikely Einstein ever could have detected the malware implanted into SolarWinds Orion because it was delivered to agency networks through a trusted update.

However, overhauling Einstein to identify unknown or zero-day threats would be far too costly, cybersecurity analysts said. The most viable path forward, they argued, would be to install new capabilities, necessarily bolstered by private industry.

Kiersten Todt, formerly executive director of the Commission on Enhancing National Cybersecurity, was blunt about Einstein’s record. “There are no real strong success stories of Einstein,” she said. “When you look at what happened with SolarWinds, they essentially outsmarted Einstein.”

“The challenge with detecting activity like the SolarWinds hack is that the hack is accomplished through ‘authorized’ malware,” said Philip Reitinger, president and CEO of the Global Cyber Alliance.

To detect that malware, a defensive system would either have to deny all communications that are not explicitly whitelisted or establish a user activity baseline capable of singling out abnormalities for investigators to pursue. “That can be difficult to do and resource intensive,” he added.

Michael Hamilton, a former vice chair for a government coordinating council focused on critical infrastructure protection, described a similar method as the most likely way forward for DHS to improve Einstein. Although its precise capabilities are classified, Hamilton speculated the program’s age — Einstein was originally developed in 2003 — is a sign it may not be baselining user activity in the way he and Reitinger described.

Hamilton said that “it’s not likely they throw it out and start over,” noting the program’s sunk costs. “My understanding is that it cost $6…

Einstein Would Have Used a Mac. John Lennon, Too. (John Paczkowski/Digital Daily)

John Paczkowski / Digital Daily:
Steve Jobs in a turtleneck and shorts? — What a great bit of history this is, and a nice Friday diversion. In the video embedded below, the Apple (AAPL) CEO introduces the company’s 1997 Think Different campaign.

Imagination can lead to creation – Tulsa World

A mother once asked Albert Einstein how to raise a child to become a genius. Einstein advised her to read fairy tales to the child.
