The Homeland Security Department’s Einstein intrusion prevention and intrusion detection program was falling behind the technology curve. The agency was depending on hardware that had become out of date before many departments got a chance to use it.
Mark Weatherford, the DHS under secretary for cybersecurity in the National Protection and Programs Directorate, changed the focus of the program about a year ago.
“I looked at the program and said the technology has moved on and we need to figure out a way to get the technology for intrusion prevention out there faster for civilian agencies,” Weatherford said Tuesday during an exclusive interview on In Depth with Francis Rose as part of Federal News Radio’s Agency of the Month series. “We’ve been working with our federal partners, with the Defense Department and we’ve re-engineered the solution from a hardware- to a software-based platform. We’ve pushed it out more broadly where all federal agencies can participate in it almost immediately.”
He added the move to E3A (Einstein 3- Accelerated) still will be a multi-year effort, but DHS made the program more flexible so it can stay technologically relevant over the implementation timeline.
DHS began implementing Einstein in 2004 as a sensor and network flow management tool. It expanded Einstein to be an intrusion detection system and implemented it across at least 15 civilian agencies over the last four years.
The agency has been testing Einstein 3, which expands again to be an intrusion prevention tool, for the last few years.
Weatherford said E3A will help agencies move out a reactionary mentality.
“It’s hard to block something you don’t know exists,” he said. “We work very closely with the government agencies in issuing out and getting them threat and vulnerability information.”
He said because cybersecurity is getting so much attention across the government and on Capitol Hill, agencies are becoming more proactive in how they defend their networks and systems.
Changes to the workforce
Beyond tools like Einstein, DHS and other agencies need employees with the right skill sets.
Chris Cummiskey, DHS’ deputy under secretary for management, said the types of skills cyber workers need are changing.
“It ranges from watch-floor types of activities to analytics to forensics,” he said.
Weatherford said his office is hiring people with hard skills, the type one gets from banging on a keyboard, breaking it open and then putting it back together again.
“What we really look for are those with deep technical skills, but can also analyze an event,” he said. “You really look for people who look at problems differently. Many of these skills are the kind that can’t be taught, but take a lot of experience.”
Finding these types of people isn’t easy and nearly every agency and private sector firm is competing for their services.
Cummiskey said DHS is taking advantage of special hiring authority the Office of Personnel Management granted them a few years ago. The authority lets DHS speed up the hiring process in order to place cyber workers and not lose them to the competition.
The other approach to finding the right workers is offering them interesting work.
“We want to be in the same cadre as DoD, the FBI and others,” he said. “If you are really serious about a career in this, you will stop at DHS and spend a few years.”
Weatherford said the mission space around cybersecurity is vast at DHS.
“There are not many places you go in the government or in the private sector in the cybersecurity arena where you can get the breadth of experience that you get,” he said. “That really is a big draw for us. I talk to people and tell them to come work at DHS as a stop in your private sector career.”
He said having someone work in the private sector, come to government and then eventually go back to the private sector is beneficial to all because they get to see cybersecurity from the different perspectives.
Weatherford’s office has been hiring hundreds of cyber professionals, but also has faced a fair amount of turnover.
Over the last year, DHS lost five senior officials, and since January, four new senior executives have come to DHS. Since the fall, almost the entire management team that oversees cybersecurity in NPPD is new.
Weatherford said he doesn’t think the changes at NPPD are any different than other agencies or in the private sector, however.
“We want to create a work environment where people can feel fulfilled without burning them out,” he said. “We had a significant part of leadership team vacant when I got here almost 10 months ago. A lot of that was natural turnover, and some people made (it a) bigger deal than it was. But now we have a team in place that are career professionals and they are hiring people and building a team that will go into the future. I’m less concerned about the turnover.”
Cummiskey said the progress DHS has made around cyber is a microcosm of the growth across all facets of the agency.
He said when he came to DHS, they had 185 performance measures, but now it’s down to 75-to-80 across its mission areas.
Cummiskey said as the department continues to mature, things such as improving performance measurement or bringing acquisition, technology and business requirements closer together are becoming easier.