Einstein (US-CERT program)

From Wikipedia, the free encyclopedia

EINSTEIN
Developed by: US-CERT
Initial release: 2004
Genre: network security and computer security
Website: Analytical Tools and Programs at US-CERT (for government users)

Einstein, also known as the EINSTEIN Program, is an intrusion detection system that monitors the network gateways of government departments and agencies in the United States for unauthorized traffic. The software was developed by the United States Computer Emergency Readiness Team (US-CERT),[1] which is the operational arm of the National Cyber Security Division[2] (NCSD) of the United States Department of Homeland Security (DHS).[3] The first version examined network traffic (flow data), while the expanded version then in development could also examine content.[4]

Mandate

Image caption: The National Strategy to Secure Cyberspace (February 2003) featured the new cabinet-level United States Department of Homeland Security as the lead agency protecting IT.[5]

Einstein is the product of U.S. congressional and presidential actions of the early 2000s including the E-Government Act of 2002 which sought to improve U.S. government services on the Internet. Originating at the National Institute of Standards and Technology and subsequently moved to the General Services Administration, FedCirc was one of four watch centers that were protecting federal information technology[6] when the act designated it the primary incident response center.[7] With FedCirc at its core, US-CERT formed in 2003 as a partnership between the newly created DHS and the CERT Coordination Center which is funded at Carnegie Mellon University by the U.S. Department of Defense.[6] US-CERT delivered Einstein to meet statutory and administrative requirements that DHS help protect federal computer networks and the delivery of essential government services.[1] Its mandate originated in the Homeland Security Act and the Federal Information Security Management Act, both in 2002, and the presidential directive named Homeland Security Presidential Directive (HSPD) 7[1] which was issued on December 17, 2003.[8]

Adoption

Einstein was deployed in 2004[1] and until 2008 was voluntary.[9] By 2005, three federal agencies participated and funding was available for six additional deployments. By December 2006, eight agencies participated in Einstein and by 2007, DHS itself was adopting the program department-wide.[10] By 2008, Einstein was deployed at fifteen[11] of the nearly six hundred agencies, departments and Web resources in the U.S. government.[12]

Features

When it was created, Einstein was "an automated process for collecting, correlating, analyzing, and sharing computer security information across the Federal civilian government."[1] Einstein does not protect the network infrastructure of the private sector.[13] As described in 2004, its purpose is to "facilitate identifying and responding to cyber threats and attacks, improve network security, increase the resiliency of critical, electronically delivered government services, and enhance the survivability of the Internet."[1]

Einstein was designed to resolve the six common security weaknesses[1] that were collected from federal agency reports and identified by the OMB in or before its report for fiscal year 2001 to the U.S. Congress.[14] In addition, the program addresses detection of computer worms, anomalies in inbound and outbound traffic, and configuration management, as well as real-time trend analysis which US-CERT offers to U.S. departments and agencies on the "health of the Federal.gov domain".[1] Einstein was designed to collect session data including:[1]

US-CERT may ask for additional information in order to find the cause of anomalies Einstein finds. The results of US-CERT's analysis are then given to the agency for disposition.[1]

Presidential directive NSPD 54

Image caption: The National Security Agency/Central Security Service (headquarters pictured) was authorized in 2008 to monitor domestic federal networks.[13]

As the number of actual attacks as well as perceived threats to U.S. networks increased during the mid-2000s, Einstein became mandatory. U.S. departments and agencies had reported a large increase in security incidents for 2007.[15] The U.S. Department of State, Department of Commerce, Department of Defense and Department of Homeland Security itself experienced attacks during late 2006 and early 2007.[13] A presidential directive was discussed in 2007, issued on January 8, 2008, and is known by three names: National Security Presidential Directive (NSPD) 54, HSPD 23 and the Cyber Initiative.[16][13] Although the directive and its details are classified, it is public information that Einstein is no longer optional.[9]

Following NSPD 54, three agencies were authorized to conduct domestic intrusion detection in addition to DHS: the National Security Agency (NSA), Central Intelligence Agency (CIA) and the Cyber Division of the Federal Bureau of Investigation (FBI).[13] The NSA has a "twofold mission" to protect U.S. information systems and to produce foreign signals intelligence information, but previously had been "authorized by law to collect only foreign intelligence information".[17] A task force led by the office of the Director of National Intelligence became responsible for efforts to identify the source of attacks, and the Pentagon was authorized to develop counterattacks.[13]

It was decided that DHS lacked the "expertise and authority" to lead the effort; for example, the Office of Management and Budget (OMB) had assessed a Federal Emergency Management Agency/DHS division as not demonstrating results.[18] DHS was directed to protect systems[13] and as of 2008 remained the lead "for assuring the security, resiliency and reliability" of the nation's information technology and "communications infrastructure".[19] US-CERT remained the department's response center responsible for the nation's "Internet infrastructure".[19] DHS continued to promote Einstein and the goal of its use in all federal agencies and departments.[19]

Expansion

Three constraints on Einstein that the DHS is trying to address are the large number of access points to U.S. agencies, the low number of agencies participating, and the program's "backward-looking architecture".[20] A "Trusted Internet Connections" initiative was expected to reduce the government's 4,000 access points to 50 or fewer by June 2008.[21] A new version of Einstein in 2008 in addition would "collect network traffic flow data in real time and also analyze the content of some communications, looking for malicious code, for example in e-mail attachments."[22] The expansion is known to be one of at least nine measures to protect federal networks.[19] Einstein could be enhanced to create an early warning system to predict intrusions.[20]

Privacy

A Privacy Impact Assessment (PIA) for the first version is available from 2004,[1] and a new PIA is expected before deployment of the expanded Einstein.[9][4] According to the DHS privacy assessment for US-CERT's 24x7 Incident Handling and Response Center in 2007, US-CERT data is provided only to those authorized users who "need to know such data for business and security purposes" including security analysts, system administrators and certain DHS contractors. Incident data and contact information are never shared outside of US-CERT and contact information is not analyzed. To secure its data, US-CERT's center began a DHS certification and accreditation process in May 2006 and expected to complete it by the first quarter of fiscal year 2007. As of March 2007, the center had no retention schedule approved by the National Archives and Records Administration and until it does, has no "disposition schedule"—its "records must be considered permanent and nothing may be deleted".[23]

Notes

  1. US-CERT (September 2004). Privacy Impact Assessment: EINSTEIN Program (PDF). U.S. Department of Homeland Security, National Cyber Security Division. Retrieved on 2008-05-13.
  2. About US-CERT. U.S. Department of Homeland Security. Retrieved on 2008-05-18.
  3. Miller, Jason. "Einstein keeps an eye on agency networks", Federal Computer Week, 1105 Media, Inc., May 21, 2007. Retrieved on 2008-05-13.
  4. Lieberman, Joe and Susan Collins (May 2, 2008). Lieberman and Collins Step Up Scrutiny of Cyber Security Initiative. U.S. Senate Homeland Security and Governmental Affairs Committee. Retrieved on 2008-05-14.
  5. The National Strategy to Secure Cyberspace (PDF). U.S. government via Department of Homeland Security (February 2003). Retrieved on 2008-05-18.
  6. Gail Repsher Emery and Wilson P. Dizard III. "Homeland Security unveils new IT security team", Government Computer News, 1105 Media, Inc., September 15, 2003. Retrieved on 2008-05-16.
  7. About E-GOV: The E-Government Act of 2002. U.S. Office of Management and Budget. Retrieved on 2008-05-16.
  8. Office of the Press Secretary via whitehouse.gov (December 17, 2003). "Homeland Security Presidential Directive/Hspd-7". Press release. Retrieved on 2008-05-18.
  9. Vijayan, Jaikumar. "Q&A: Evans says feds steaming ahead on cybersecurity plan, but with privacy in mind", Computerworld, IDG, February 29, 2008. Retrieved on 2008-05-13.
  10. Office of the Inspector General (June 2007). Challenges Remain in Securing the Nation's Cyber Infrastructure (PDF). U.S. Department of Homeland Security. Retrieved on 2008-05-18.
  11. U.S. Department of Homeland Security (March 6, 2008). "Fact Sheet: U.S. Department of Homeland Security Five-Year Anniversary Progress and Priorities". Press release. Retrieved on 2008-05-18.
  12. Apart from 106 listings for "Website" or "Home Page", 486 listings appear in A-Z Index of U.S. Government Departments and Agencies. U.S. General Services Administration. Retrieved on 2008-05-18.
  13. Nakashima, Ellen. "Bush Order Expands Network Monitoring: Intelligence Agencies to Track Intrusions", The Washington Post, The Washington Post Company, January 26, 2008. Retrieved on 2008-05-18.
  14. Office of Management and Budget (undated). FY 2001 Report to Congress on Federal Government Information Security Reform (PDF). Office of Information and Regulatory Affairs. Retrieved on 2008-05-14.
  15. About 5,100 incidents in 2006 compared to 13,000 in 2007, in Allard, Tom. "In cyberspace they can't hear you scream", The Age, The Age Company, April 19, 2008. Retrieved on 2008-05-18.
  16. Gorman, Siobhan. "House panel chief demands details of cybersecurity plan", The Baltimore Sun, Tribune Company, October 24, 2007. Retrieved on 2008-05-19.
  17. Answers #1 and #13 in About NSA: Frequently Asked Questions. U.S. National Security Agency/Central Security Service. Retrieved on 2008-05-18.
  18. National Protection & Programs Division: Cyber Security. U.S. Office of Management and Budget and Federal agencies (2007). Retrieved on 2008-05-18.
  19. U.S. Department of Homeland Security (April 8, 2008). "Fact Sheet: Protecting Our Federal Networks Against Cyber Attacks". Press release. Retrieved on 2008-05-13.
  20. U.S. Department of Homeland Security (April 8, 2008). "Remarks by Homeland Security Secretary Michael Chertoff to the 2008 RSA Conference". Press release. Retrieved on 2008-05-13.
  21. Vijayan, Jaikumar. "Feds downplay privacy fears on plan to expand monitoring of government networks", Computerworld, IDG, February 28, 2008. Retrieved on 2008-05-13.
  22. Waterman, Shaun. "Analysis: Einstein and U.S. cybersecurity", United Press International, March 8, 2008. Retrieved on 2008-05-13.
  23. Privacy Impact Assessment for the 24x7 Incident Handling and Response Center (PDF). U.S. Department of Homeland Security (March 29, 2007). Retrieved on 2008-05-14.