Richard Steinnon: DHS Not Using Right Tools for Cyber War

Richard Steinnon

The Department of Homeland Security is not employing the right tools for cyber warfare, writes Richard Steinnon, author of Surviving Cyberwar.

Citing the recent hearing in which the inspector general of DHS gave testimony before the House Committee on Homeland Security, Steinnon writes that the problem with U.S.-CERT is not the staffing shortages or the leadership turnovers but rather its “impossible mission.”

“There appears to be some belief within DHS and the inspector general’s office that the secret Einstein project is somehow going to improve cyber security,” he writes. “Pointing fingers at slow deployment and lack of information dissemination is ignoring a more fundamental problem.”

The Einstein program is not an effective tool for cybersecurity, according to Steinnon. The technology was developed approximately 15 years ago and is signature-based, relying on database collections of code and text.

“The only tool in DHS’s chest is a monitoring tool,” Steinnon writes. “Millions of alerts have to be filtered down. The continuous port scans, the worm traffic, the DDoS attacks, have to be winnowed down to something actionable.”

The deployment of the Einstein program is ineffective and should be halted, he writes.

“Einstein is a waste of money and a distraction,” Steinnon writes. “Other than generating huge reports that highlight the levels of attacks targeting DHS it will do nothing to protect DHS networks. There have been a lot of advances in network security technology since 2003. It is time for DHS to get serious about security.”

1 Comment

  1. Harmon

    There is no silver bullet for security and your negative critique of the Einstein program seems to suggest you think there is. Furthermore, US-CERT was not established to authoritatively protect DHS networks in the sense of mitigation and quarantine, but instead from a reporting and trending aspect (as indicated on their website). Furthermore, your article would be better served if it included a critique AND solution rather than only point out what you think is missing. If you think that a “monitoring” solution is a waste of money, then please explain how MSSPs such as Symantec and Verizon continue to offer monitoring services to their constituents – and why those constituents feel the service is an invaluable aspect of their overall enterprise security posture. Tell us how you think one component within DHS can tell other government organizations how they should better defend their networks and infrastructure without congressional authority to do so? “The only tool in DHS’s chest is a monitoring tool”… is this fact or your opinion? I’d be willing to bet DHS isn’t gambling their success on “one” tool – perhaps you’re just not well informed. “It’s time for DHS to get serious about security”… perhaps you could help with a few suggestions instead of a flame session – IMHO.