The Homeland Security Department is kicking off Cybersecurity Awareness Month by playing doctor — of sorts.
DHS recently launched new technologies to gauge the health of agency computers and networks.
Phyllis Schneck, the deputy undersecretary of cybersecurity and communications at the Homeland Security Department, said the EINSTEIN intrusion detection and prevention system is a key piece of that effort, but over the last few months, more and better tools have come online.
Schneck said DHS recently rolled out new tools that look behaviorally, analytically and statically at traffic flows so they can begin to stop things they haven’t yet seen.
“We are going from pure vaccines or signatures to an actual immune system that supports the cyber ecosystem,” she said. “The things that our immune system can engage itself to block, we can share that because unlike the human body, we are just a set of computers.”
One of the more advanced cyber tools is EINSTEIN 3 Accelerated, and it’s getting rolled out across the government.
“E3A actually flags the bad guys and blocks the bad guys. One of the things that’s most special about this program is it takes these actions in a way the private sector can’t. It takes these actions based somewhat on classified information, which is new. This has never been able to be done before,” Schneck said in an interview with Federal News Radio. “So as we look at how we build this out, part of the infrastructure build we had to do is to be able to enable that and part of that is to have the platform because, again this is only for the federal civilian agencies, and hand-in-hand with our privacy and civil liberties experts, but we do have the ability to look at the traffic that comes in and out of our federal agencies. And that helps us understand if there are bad guys in there that haven’t been known before that we can detect based on traffic flow patterns. And then in the spirit of See-Something-Say-Something, immediately warn everybody else, both in the federal civilian government as well as in industry to include academia and our state and local stakeholders.”
DHS is rolling out EINSTEIN version 3A to more and more agencies. DHS said in June, in the aftermath of the massive data breach suffered by the Office of Personnel Management, that it was accelerating the implementation of EINSTEIN 3A tools across the government. As of June, EINSTEIN 3A was up and running for about 45 percent of the government — 20 percent more than nine months ago.
DHS asked for $480 million in its fiscal 2016 budget request for network security deployment to protect governmentwide networks. That includes the EINSTEIN 3 Accelerated program.
Schneck said DHS has heard the criticism of E3A that it only stops known security threats. But she compared EINSTEIN to a vaccination — Schneck said if you don’t get your shots you are more likely to get sick, so if you have a tool that stops known computer viruses, why not protect yourself?
“That is what E3A was designed to do and the beauty of this program is the ability to do that with this very special, classified information as well as giving the federal government the situational awareness on the bad guys that are trying to come into the federal agencies,” she said. “The program itself is part of a defense-in-depth or layered security strategy.”
Schneck said the new technologies are helping DHS better understand Web traffic trends and ask the computer to look for the proverbial “needle in the haystack.”
“That computer will find that trend. It can often indicate, for example, a sender that perhaps we shouldn’t accept traffic from even if we don’t have a signature yet. And if that turns out to be true, we can share that, for example, machine address with all of our other agencies, and certainly with our private sector stakeholders,” she said.
And now DHS has more capabilities to share cyber threat indicators in real time through its National Cybersecurity Communications and Integration Center (NCCIC).
She said DHS delivered those new tools five weeks earlier than expected.
“We now have the ability to send out in real time cyber threat indicators. Again, not personnel information, we are working with the interagency, with privacy and civil liberties experts. We are looking at how we send out at machine speed, machine-to-machine indicators or descriptions of those things that might indicate a cyber threat is coming to that machine,” Schneck said. “So, for example, if someone else’s immune system has discovered a cold, imagine the power of a person that’s able to mail that immunity to all of their closest friends. What we are doing is that in machine time. We are building an immunity system that we can push out at the very speed of machines.”
Schneck said DHS is working with industry and other experts to create a “human community” as well as relying on the machines.
This idea of a human community is at the center of DHS’s plans for National Cybersecurity Awareness Month, which started Oct. 1.
Schneck said DHS plans five themed weeks, each with a different focus area.
DHS began the month by focusing on general cybersecurity awareness, highlighting the five-year anniversary of the “Stop.Think.Connect.” campaign.
President Barack Obama signed a presidential proclamation Sept. 30 in recognition of National Cybersecurity Awareness Month.
“It is the responsibility of every American to proactively defend our digital landscape. The Department of Homeland Security’s ‘Stop.Think.Connect.’ campaign is designed to inform our citizenry of the dangers posed by cyber threats and to provide the tools needed to confront them,” the President wrote. “I urge all Americans to take measures to decrease their susceptibility to malicious cyber activity, including by choosing stronger passwords, updating software, and practicing responsible online behavior.”