The Homeland Security Department has been experimenting with the Einstein 3 intrusion prevention cybersecurity software for almost three years. Now it looks as if the agency is ready to move beyond the test phase.
DHS bought about $20 million worth of software from TIBCO Federal Services earlier this year as part of its plan for broader deployment of the Einstein 3 program.
“With our messaging software, we have adapters that will allow all the users to connect all the different systems and components of the cyber stack back up to the enterprise bus, and then we bring the information together in real time,” said Dick Martin, president of TIBCO federal. “By accessing the information for all the different systems in real time, we can react more quickly.”
Under the five-year deal, DHS can distribute the TIBCO messaging software to the civilian agencies at no extra cost as they deploy the advanced cybersecurity system.
DHS would not comment on the software deal and didn’t respond to multiple requests for comments about Einstein 3 more broadly.
But in its Privacy Impact Assessment from March 2010, DHS wrote, Einstein 3 “will draw on commercial technology and specialized government technology to conduct real-time full packet inspection and threat-based decision-making on network traffic entering or leaving these executive branch networks. The goal of Einstein 3 is to identify and characterize malicious network traffic to enhance cybersecurity analysis, situational awareness and security response. It will have the ability to automatically detect and respond appropriately to cyber threats before harm is done, providing an intrusion prevention system supporting dynamic defense.”
DHS asked Congress for more than $200 million for the Einstein program in the fiscal 2012 budget request. Congress allocated $229 million for network security deployment in the 2012 omnibus bill passed earlier this month, but didn’t specifically call out the Einstein program. Congress also authorized $79.1 million for U.S. CERT and $35 million for federal network security. Overall, DHS will receive $443 million for cyber activities in 2012.
DHS implemented Einstein at all agencies and Einstein 2 at 15 agencies plus on the four Networx telecommunications Managed Trusted Internet Providers networks.
The decision to buy TIBCO software signals a plan to move out more broadly with Einstein 3.
Martin said the TIBCO software will help minimize the threats from intrusions and also will help eliminate intrusions to begin with.
“Right now, if an agency has a variety of different point products to help protect their networks, the information from each one of these, by the time you get it, the intrusion has already happened and the damage is done,” Martin said. “What we do is we connect in real time to each and every one of these point products, and we bring the information up to a control center. We can determine based on the nature of the threats if it’s real and then we have a rules engine that will automatically take action against that intrusion.”
TIBCO’s messaging software already is in place across several agencies, including the Army and the Air Force.
Martin said the Air Force, for instance, has been able to minimize the effects of cyber attacks by getting data at “machine speed” instead of the six weeks it used to take.
“The intention and focus with Einstein 3 is with the civilian agencies,” he said. “There also are some plans in the near future to protect the networks in the Defense Industrial Base. And in the long-term, there are other industries outside the federal government, such as the finance industry and the energy grid, that need cybersecurity help. There are no contracts for the Defense industrial base or for any of the other outside industries yet, but the future forward is clearly going in that direction.”