DHS Testing Einstein 3

The Homeland Security Department has completed the first two stages of testing on the third and latest version of Einstein, a network security program that relies on commercially available intrusion detection services to monitor traffic in government agencies to guard against cyber threats.


DHS partnered with a commercial Internet service provider and one federal agency to conduct this pilot. So far, the agency has successfully installed Einstein 3 technology within a facility in the Internet service provider where agency traffic is being redirected, DHS told NextGov. It is about three weeks into phase three of the pilot, during which capabilities developed by the National Security Agency to target and zoom in on malicious threats will be tested over 60 days.

If phase three goes according to plan, Einstein 3 will be in operation in the designated federal agency for up to a year.

Einstein 3 enhances cybersecurity information sharing between agencies, pumps out threat alerts to federal agencies, and zooms in on threats before harm is done. Michael Chertoff, former homeland security secretary, in an interview with the Washington Post, described it as "a cop who actually arrests you and pulls you off the road when he sees you driving drunk."

Einstein 2 -- which is being rolled out in federal agencies this year -- alerts the United States Computer Emergency Readiness Team when malicious activity is detected but does not have the same capabilities to carry out automated threat-based decision-making as Einstein 3.

But since Einstein 2 was implemented, Einstein has been a source of controversy for privacy advocates, who say that the partially classified program remains shrouded in secrecy.

After DHS' Privacy Office released a privacy impact assessment on Einstein 3 last month, Jared Kaprove, a fellow at the Electronic Privacy Information Center, a privacy research group, expressed concerns that the report may not be reflective of the full extent of information sharing taking place under Einstein 3.

DHS spokesperson Steve Richards refuted this claim, stressing that this privacy impact statement was the department's first classified Privacy Impact Assessment to become declassified.

According to the assessment, only a limited portion of traffic associated with identified cyber threats will be available to DHS analysts for review. Alerts can only contain metadata about cyber threats and not the content of network traffic.

In addition, the assessment states that the agency participating in this pilot will have to ensure that its "network users are aware that their use of government-owned information...and their communications transiting through or stored on such systems may be monitored." Gregory Nojeim, senior counsel at the civil liberties group, Center for Democracy and Technology, said that "for people who work at the government, notice is the appropriate route."

Alan Paller, director of the SANS Institute, a research cooperative, emphasized that the pilot would help agencies find out about the procedures that could be put in place to protect data from misuse. He praised the agency for taking "a very public step forward," adding that "people on the privacy side will say, 'nothing is enough'; people on the cybersecurity side will say, 'let them do anything.' The great way to get started is that the watchers are being watched."
