EINSTEIN is Probably the Wrong Name for the Government’s Very Flawed Cybersecurity System

The Government Accountability Office rips the $6-billion-dollar system.

<a href="http://www.istockphoto.com/photo/tired-in-the-office-gm175211748-21872440?st=ba54c3f">ByeByeTokyo</a>/iStockPhoto

Facts matter: Sign up for the free Mother Jones Daily newsletter. Support our nonprofit reporting. Subscribe to our print magazine.


The government relies on a system called EINSTEIN, or the National Cybersecurity Protection System, to detect and stop the rising numbers of cyberattacks on its computers. But a new report from the Government Accountability Office says EINSTEIN is falling far short of expectations.

The latest version of the $6-billion-dollar system, which rolled out in 2013, was designed to both detect suspicious cyber activity and prevent anything harmful from entering or leaving government computer networks. But the GAO says the system gives its users only “a limited ability to detect potentially malicious activity entering and exiting computer networks at federal agencies.” And when the GAO tested EINSTEIN, the system could only identify six percent of the common vulnerabilities in programs typically used on federal computers, including Microsoft Office and Internet Explorer.

The system is also falling short on helping agencies share information about cyber threats. The GAO found that only 5 of 23 federal agencies are actually using the “intrusion prevention” parts of the EINSTEIN system, which actively try to block malicious content. The information gained from those agencies helps recognize patterns that the system can use to improve and identify other similar attacks. The smaller the pool of data, the less effective the system can be. The information-sharing process itself also appears to be a mess. “DHS has yet to develop most of the planned functionality for NCPS’s information-sharing capability,” the report said. “Moreover, agencies and DHS did not always agree about whether notifications of potentially malicious activity had been sent or received, and agencies had mixed views about the usefulness of these notifications.”

A classified version of the report was released in November, but a declassified version was released on Thursday by the GAO. It came just days after the government announced the formation of a new agency to handle background checks after two massive hacks struck the Office of Personnel Management. The hacks, believed to be the work of the Chinese government, stole the highly sensitive background investigation forms of more than 20 million federal employees. After the attacks became public knowledge last year, the government’s cybersecurity defenses came under withering scrutiny from congressional overnight committees. This week’s report isn’t likely to help.

We've never been very good at being conservative.

And usually, that serves us well in doing the ambitious, hard-hitting journalism that you turn to Mother Jones for. But it also means we can't afford to come up short when it comes to scratching together the funds it takes to keep our team firing on all cylinders, and the truth is, we finished our budgeting cycle on June 30 about $100,000 short of our online goal.

This is no time to come up short. It's time to fight like hell, as our namesake would tell us to do, for a democracy where minority rule cannot impose an extreme agenda, where facts matter, and where accountability has a chance at the polls and in the press. If you value our reporting and you can right now, please help us dig out of the $100,000 hole we're starting our new budgeting cycle in with an always-needed and always-appreciated donation today.

payment methods

We've never been very good at being conservative.

And usually, that serves us well in doing the ambitious, hard-hitting journalism that you turn to Mother Jones for. But it also means we can't afford to come up short when it comes to scratching together the funds it takes to keep our team firing on all cylinders, and the truth is, we finished our budgeting cycle on June 30 about $100,000 short of our online goal.

This is no time to come up short. It's time to fight like hell, as our namesake would tell us to do, for a democracy where minority rule cannot impose an extreme agenda, where facts matter, and where accountability has a chance at the polls and in the press. If you value our reporting and you can right now, please help us dig out of the $100,000 hole we're starting our new budgeting cycle in with an always-needed and always-appreciated donation today.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate