DHS cites steps to detect increasing network intrusions

The Department of Homeland Security intends to deploy 50 new intrusion detection systems to federal agencies by the end of the year.

The Homeland Security Department plans to complete an analysis in about 45 days to determine which U.S. government computer networks are most vulnerable to cyberattacks, with the intention of deploying 50 new intrusion detection systems to federal agencies by the end of the year, a top U.S. cybersecurity official said today.

"We're concerned that the intrusions are more frequent and they're more targeted and they're more sophisticated," said Robert Jamison, undersecretary for the department's national protection and programs directorate. Jamison heads up Homeland Security's role in the Bush administration's so-called Cyber Initiative, a massive, multiyear, multibillion-dollar effort to counter attacks on U.S. computer networks. Most of the initiative remains classified, but Homeland Security is responsible for defending networks across the federal government or those that fall within the .gov domain.

At a news conference today, Jamison said the department is mapping where Internet access points exist across the .gov domain and which federal agencies are most at risk of attacks. Based on that information, the department will install 50 advanced intrusion detection devices, known as Einstein systems, on the networks most at risk by the end of 2008, Jamison said. "Over the next 30 to 45 days we hope to have a much more comprehensive picture of exactly which agencies are going to get the initial deployments," he said.

The number of network intrusions recorded by federal agencies is expected to rise as Einstein systems are deployed. Jamison said there were about 37,000 reportable incidents last year.

"We've got a very small percentage of our Einstein flow-analysis capability in the government right now," he said. "I think if you look at the growth in Internet traffic and our dependence on Internet traffic it's going to continue to go up," he added. "And I think that we will have a definitively much better comprehensive situational awareness across [the] .gov [domain]. Both of those facts lead me to believe that we will have probably more reportable incidents and more incidents to manage." He said one of the biggest challenges for the government is distinguishing real attacks from nuisance activity. He declined to discuss which foreign governments might be attacking U.S. government networks.

Jamison said Homeland Security is working with OMB to consolidate the number of Internet access points across the government. "We've got thousands of Internet access points. …" he said. "Step one is to consolidate those down to a much more manageable number and a number where we can deploy our next-generation Einstein capability to give us a much more capable environment to do network defense on the .gov domain."

On another front, Jamison declined to comment on whether private contractor Unisys falsified documents related to securing Homeland Security computer networks, saying the matter is under investigation by the department's inspector general. Unisys has denied any wrongdoing.