A secret audit by the Government Accountability Office (GAO), which released a public version of its findings last week, found that a federal security system worth nearly $6 billion is not doing its job of blocking hackers from accessing agency computers, Re/code reported Monday (Feb. 1).
The Einstein system, originally known as the National Cybersecurity Protection System (NCPS), is operated by the U.S. Department of Homeland Security (DHS) and was found by the GAO to be inadequate when it comes to detecting attempted cyberattacks on federal agencies’ networks.
The GAO report said that because the system uses only signature-based intrusion detection, rather than identifying attacks by examining anomalies or odd traffic patterns within a network, its effectiveness is essentially limited.
“GAO recommends that DHS take nine actions to enhance NCPS’ capabilities for meeting its objectives, better define requirements for future capabilities and develop network routing guidance. DHS concurred with GAO’s recommendations,” the report stated.
Those nine actions include enhancing current intrusion detection capabilities, establishing a timetable for the incident notification process, developing actionable metrics and developing better documentation for secure routing requirements with both customer agencies and Internet providers.
The report continued: “The effectiveness of NCPS further depends on its adoption by agencies. While the adoption of the intrusion detection capabilities is widespread among the 23 agencies required to use NCPS, the implementation of intrusion prevention capabilities is more limited due to policy and implementation challenges that DHS is working to overcome. However, addressing a lack of guidance for routing network traffic through NCPS sensors could help better ensure a wider and more effective use of NCPS capabilities.”
GAO’s report stands as yet another example of the federal government’s ongoing challenges when it comes to securing its networks and computers from cyberattacks.
In the wake of the massive data breaches that rocked the U.S. Office of Personnel Management (OPM) earlier in 2015, the agency appointed a new cyber and information technology advisor last November.
“To help build on the federal government’s efforts to strengthen our cybersecurity posture and provide assistance to individuals impacted by the recent cyberintrusions, we must recruit and retain a variety of highly motivated and qualified individuals from this constantly evolving field,” Acting Director Beth Cobert said in a news release at the time.
But despite its reported efforts to strengthen cyberdefenses and IT systems, new revelations surrounding the devastating OPM attacks continue to cast doubt on the agency’s past claims about data security.
Last September, OPM released a statement explaining that, of the 21.5 million digital records compromised by a team of hackers, 1.1 million were originally announced to have included stolen copies of fingerprints, but that the number of impacted fingerprint files is actually closer to 5.6 million in total.
“The fact that the number [of fingerprints breached] just increased by a factor of five is pretty mind-boggling,” Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology, told The Washington Post at the time. “I’m surprised they didn’t have structures in place to determine the number of fingerprints compromised earlier during the investigation.”