DHS reveals some plans on cybersecurity effort
The Homeland Security Department has released more information about its role in the highly classified Comprehensive National Cybersecurity Initiative (CNCI). However, much still remains unknown about the multiyear, multiagency effort to secure federal cyber networks. DHS plays a leading role in the CNCI.
In one area, DHS said it initially would judge CNCI’s execution on how quickly intrusion detection sensors are deployed throughout the federal government's information technology networks. The sensors are part of the EINSTEIN system that DHS uses to track unauthorized access into agencies' networks.
Many of the details of the initiative remain classified, and the Senate Homeland Security and Governmental Affairs Committee in May asked DHS for further clarification on its roles in the CNCI. The committee released a redacted version of DHS' original answers to those questions July 31.
President Bush launched the initiative with a classified presidential directive in January and since then when asked about CNCI, DHS officials have mentioned EINSTEIN's efforts, as well as the Office of Management and Budget’s efforts to reduce the government's number of Internet connections.
The department is planning on implementing a new version of the intrusion detection and alert system — EINSTEIN 2 — designed monitor agencies’ Internet access points for malicious activity and capture intrusion data along with data transmitted in proximity to an alert. Officials also outlined steps they were taking to ensure that personally identifiable information was not put at risk by the new enhanced sensors.
DHS published a privacy impact assessment on the program in May and plans to begin deployment of the new system later this summer. DHS said it would not release publicly any data on plans or upgrades to the EINSTEIN program because they were classified.
DHS did not announce any additional programs and gave little in the way of specific details on how the CNCI would be carried out. However, the answers did provide information about how the department plans to judge the success of the program.
To measure CNCI’s success, DHS told the Senate committee it is also considering measuring:
- The resolution rate of cyber incidents.
- The average resolution time for reported incidents.
- The average time needed to publish cyber alerts.
- The number of education programs that DHS is conducting.
- The number of planning tests and exercises conducting by civilian agencies.
The answers to questions regarding contractors’ roles in the department's cybersecurity efforts were almost entirely removed from the version released to the public. Some lawmakers have expressed anxiety over how heavily contractors would be relied on in the initiative.
DHS did say that to implement the unclassified portions of CNCI, it is also in the process of converting 50 contractor employees to federal positions.
Ben Bain is a reporter for Federal Computer Week.