Overheard in the tech blogosphere:

Intrusion detection

Apr 7 2008   7:05PM GMT

Overheard: Mandatory EINSTEIN



Posted by: Margaret Rouse
Security, Intrusion detection, Department of Homeland Security
“What is different is that we’re going to have comprehensive coverage across federal networks, and that all the information about potential intrusions or malicious code would flow to a central point, the U.S. Computer Emergency Readiness Team at the Department of Homeland Security.”

Scott Charbo, as quoted in Analysis: Einstein and U.S. cybersecurity

Mr. Charbo is the Chief Information Officer at the Department of Homeland Security. He’s talking about EINSTEIN, the federal government’s intrusion detection software application. It’s been available since 2004, but now the DHS is going to make it mandatory.

What took them so long, you ask? Well, apparently there wasn’t a single “business owner” with enough power to mandate EINSTEIN’s global use until February, when President Bush signed that multi-billion-dollar cybersecurity initiative. EINSTEIN has received its share of criticism. Some detractors point out that it’s not robust enough. Some worry that if everyone’s using the same software, everyone shares the same vulnerabilities. Some people just seem content to make Bush/Einstein jokes.

I’m not sure what I think about this yet.

See also: Einstein keeps an eye on agency networks 

Oct 19 2007   11:20PM GMT

Overheard: Network security is like a door…



Posted by: Margaret Rouse
Technology, Intrusion detection, Security
“Teaching network security for the SANS Institute, I am frequently asked, “Will our networks ever be secure and safe for all to use?” My simple answer is: No. We will never be able to achieve total network security. I tend to use real “doors” as an analogy to make my point. Doors have been built and refined for thousands of years. Nevertheless, burglaries occur daily, even though we know how to build safe, burglar-proof doors.”

Johannes Ullrich, The Disillusionment of Network Security