EINSTEIN is Probably the Wrong Name for the Government’s Very Flawed Cybersecurity System

The Government Accountability Office rips the $6-billion-dollar system.

<a href="http://www.istockphoto.com/photo/tired-in-the-office-gm175211748-21872440?st=ba54c3f">ByeByeTokyo</a>/iStockPhoto

Fight disinformation: Sign up for the free Mother Jones Daily newsletter and follow the news that matters.


The government relies on a system called EINSTEIN, or the National Cybersecurity Protection System, to detect and stop the rising numbers of cyberattacks on its computers. But a new report from the Government Accountability Office says EINSTEIN is falling far short of expectations.

The latest version of the $6-billion-dollar system, which rolled out in 2013, was designed to both detect suspicious cyber activity and prevent anything harmful from entering or leaving government computer networks. But the GAO says the system gives its users only “a limited ability to detect potentially malicious activity entering and exiting computer networks at federal agencies.” And when the GAO tested EINSTEIN, the system could only identify six percent of the common vulnerabilities in programs typically used on federal computers, including Microsoft Office and Internet Explorer.

The system is also falling short on helping agencies share information about cyber threats. The GAO found that only 5 of 23 federal agencies are actually using the “intrusion prevention” parts of the EINSTEIN system, which actively try to block malicious content. The information gained from those agencies helps recognize patterns that the system can use to improve and identify other similar attacks. The smaller the pool of data, the less effective the system can be. The information-sharing process itself also appears to be a mess. “DHS has yet to develop most of the planned functionality for NCPS’s information-sharing capability,” the report said. “Moreover, agencies and DHS did not always agree about whether notifications of potentially malicious activity had been sent or received, and agencies had mixed views about the usefulness of these notifications.”

A classified version of the report was released in November, but a declassified version was released on Thursday by the GAO. It came just days after the government announced the formation of a new agency to handle background checks after two massive hacks struck the Office of Personnel Management. The hacks, believed to be the work of the Chinese government, stole the highly sensitive background investigation forms of more than 20 million federal employees. After the attacks became public knowledge last year, the government’s cybersecurity defenses came under withering scrutiny from congressional overnight committees. This week’s report isn’t likely to help.

A BETTER WAY TO DO THIS?

We have an ambitious $350,000 online fundraising goal this month and we can't afford to come up short. But when a reader recently asked how being a nonprofit makes Mother Jones different from other news organizations, we realized we needed to lay this out better: Because "in absolutely every way" is essentially the answer.

So we tried to explain why your year-end donations are so essential, and we'd like your help refining our pitch about what make Mother Jones valuable and worth reading to you.

We'd also like your support of our journalism with a year-end donation if you can right now—all online gifts will be doubled until we hit our $350,000 goal thanks to an incredibly generous donor's matching gift pledge.

payment methods

A BETTER WAY TO DO THIS?

We have an ambitious $350,000 online fundraising goal this month and we can't afford to come up short. But when a reader recently asked how being a nonprofit makes Mother Jones different from other news organizations, we realized we needed to lay this out better: Because "in absolutely every way" is essentially the answer.

So we tried to explain why your year-end donations are so essential, and we'd like your help refining our pitch about what make Mother Jones valuable and worth reading to you.

We'd also like your support of our journalism with a year-end donation if you can right now—all online gifts will be doubled until we hit our $350,000 goal thanks to an incredibly generous donor's matching gift pledge.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate