DHS Contract Expands Anti-Hacker EINSTEIN Protection to Every Agency

Internet Service Provider CenturyLink has won a multiyear contract worth up to $10.8 million dollars to fill gaps in a governmentwide firewall, according to the Department of Homeland Security.

The deal was inked to complete a goal of making so-called EINSTEIN 3A network protections available to all civilian agencies by Dec. 31, a DHS official told Nextgov on Tuesday.

It also conforms to a sweeping cyber shape-up plan the White House launched in October, following an Office of Personnel Management hack that exposed background check records on 21.5 million Americans applying for access to classified materials and their families.

Right now, EINSTEIN 3A’s intrusion-blocking services are only offered to agencies receiving telecommunications services from CenturyLink, AT&T or Verizon. Agencies that connect to the Internet through Sprint, Level 3 or other providers are not protected.

CenturyLink now will secure those agencies that cannot obtain EINSTEIN 3A services from their ISPs.

“We’re the only provider authorized to offer E3A to federal civilian agencies where CenturyLink is not the Internet service provider,” company spokeswoman Linda Johnson said.  

AT&T and Verizon will continue offering the services to their respective customers, the DHS official said.

CenturyLink's EINSTEIN 3A program blocks suspicious domain names, filters out malicious email and looks for "signatures" of hacking activity, company officials said on Monday.

The Oct. 30 Cybersecurity Strategy and Implementation Plan indicated an award announcement was imminent.

"DHS has issued a contract action that will provide EINSTEIN 3A protections to participating agencies that are not covered by the ISPs currently under contract," Shaun Donovan, the White House Office of Management and Budget director, and Tony Scott, the U.S. chief information officer, said in the memo.

These network protections -- enhancements to earlier intrusion-“detection” versions of EINSTEIN -- can actually repel intruders attempting to enter U.S. government systems. This is done by scanning email metadata and Internet traffic for known characteristics of hacker operations, such as infected attachments and malicious Web addresses.

DHS also is testing technology that could block hackers trying to break in through weaknesses in software not publicly known, called "zero day" exploits, Donovan and Scott said. The tactic relies on "behavioral-based analytics," essentially algorithms that spot abnormal user activity or unusual Internet traffic patterns. Results from the trial are due to the White House by March 31, 2016.

The CenturyLink contract consists of a $1.2 million six-month base award, with four 1-year options -- making the total value $10.8 million, according to DHS. The EINSTEIN initiative is estimated to have cost $3 billion since its inception.

DHS Secretary Jeh Johnson on July 8, shortly after the OPM hack was announced, challenged the department to make aspects of E3A "available" to all federal civilian agencies by the end of 2015.

But he and lawmakers have warned that even agencies where EINSTEIN is available are not using the protections.

Sens. Ron Johnson, R-Wisc., and Tom Carper, D-Del., who helm the Homeland Security and Governmental Affairs Committee, have sponsored legislation that would mandate the use of the tool. Currently, EINSTEIN 3A blankets less than half of the civilian government. Some agencies are hesitant, for legal reasons, to share citizen data with DHS, which operates EINSTEIN, Homeland Security officials say.

On Nov. 19, the Government Accountability Office announced the release of a classified report on EINSTEIN, or, as it's officially known, the National Cybersecurity Protection System. The audit, titled "DHS Needs to Enhance Capabilities, Improve Planning, and Support Greater Adoption of Its National Cybersecurity Protection System," reinforces Johnson's concern that EINSTEIN is not living up to its potential, a committee aide said.

(Image via deepadesigns/Shutterstock.com)