The Homeland Security Department is supplying real-time cyber threat mitigation to 88 percent of federal civilian agencies, an official tells Nextgov.
That’s up from roughly 50 percent of agencies that were running the third-generation threat detection system known as Einstein 3 Accelerated, or E3A, in January, and 20 percent the year before.
It’s still shy, though, of the 100-percent participation Congress mandated by mid-December as part of the Cybersecurity Act of 2015.
Like its predecessors Einstein 1 and Einstein 2, E3A uses a mix of public and government threat indicators to detect malicious web traffic, such as an email with a malware-laden PDF attachment, targeting government networks.
Unlike the predecessor systems, however, E3A can halt malicious traffic before it reaches government networks.
This prevention portion of the system is housed inside federal agencies’ internet service providers.
A January audit found significant problems implementing the prevention system, including delays negotiating agreements between agencies and ISPs, and difficulties within ISPs implementing the systems and retaining enough workers with security clearances to operate them.
The Government Accountability Office audit found only five of 23 agencies were effectively receiving intrusion prevention services. E3A's ability to mitigate threats was further limited because the system didn't monitor numerous threat indicators such as changes in basic network behavior, auditors found.
The prevention system is now up and running at three ISPs, the DHS official told Nextgov, though the official did not delve into any implementation challenges.
It’s not clear which specific agencies aren’t yet using E3A. Sen. Ron Johnson, R-Wisc., criticized the Internal Revenue Service for failing to implement E3A in September. Johnson chairs the Senate’s Homeland Security and Governmental Affairs Committee.