Sean McGurk, director of the Control Systems Security Program in the DHS National Cyber Security Division (NCSD), told a House panel that Einstein 2, the federal government’s network intrusion detection system, registered a total of 5.4 million “hits” in 2010, an average of 450,000 hits per month and 15,000 per day.
“A hit is an alert triggered by a predetermined intrusion detection signature that corresponds to a known threat. Each hit represents potential malicious activity for further assessment” by the US Computer Emergency Readiness Team (US-CERT), McGurk told the House Committee on Oversight and Government Reform’s national security, homeland defense, and foreign operations subcommittee during May 25 testimony.
Einstein 2 has so far been deployed at 15 of the 19 large federal departments and agencies that maintain their own locations for the Trusted Internet Connections (TIC) initiative, which is designed to consolidate the external internet connections of federal agencies, the DHS official said.
McGurk explained that Einstein’s next generation, Einstein 3, will be able to “automatically detect and disrupt malicious activity before harm is done to critical networks and systems” in addition to detecting that activity. The system was recently tested successfully by the DHS and the National Security Agency during the Comprehensive National Cybersecurity Initiative 3 Exercise.
“As a result of the countermeasures deployed during the exercise, US-CERT was successful in denying the entry of more than 36,473 potentially malicious threats into the federal agency customer’s network infrastructure”, he testified.
Earlier this year, DHS Secretary Janet Napolitano said that her department expects to begin deploying Einstein 3 sometime this year.