DHS $6 Billion Firewall Is Full Of Holes

A Department of Homeland Security firewall, meant to detect and prevent hacking attempts by nation-states against the US government, is apparently not very good at its job, according to a redacted version of a secret federal audit.

EINSTEIN uses attack patterns to detect suspicious traffic, but it fails to scan for 94 percent of known, common vulnerabilities and does not check traffic for malicious content, Defense One reports.

The Government Accountability Office audit suggests that not only does the system fail in these two major areas, it is also deployed at only five out of 23 major non-defence agencies.

The damning report into the $6 billion project suggests that the DHS failed to set up a system that effectively tackles the cyber threat, and points to a number of misaligned objectives and technologies.

“Until NCPS’ [as EINSTEIN is officially known] intended capabilities are more fully developed, DHS will be hampered in its abilities to provide effective cybersecurity-related support to federal agencies,” Gregory C. Wilshusen, GAO director of information security issues, and Nabajyoti Barkakati, director of the GAO Center for Technology and Engineering, said in the report.

A major failing point of EINSTEIN is that it cannot combat so-called “advanced persistent threats.” These attacks are a common tactic for organised hackers, in which a group gains a foothold in a part of a targeted system only to lie dormant for months, waiting for an opportune moment to exploit its unauthorised access.

Further, EINSTEIN was not designed to sync with the standard national database of security flaws at the National Institute of Standards and Technology. Because of this, the system can miss up to 94 percent of known vulnerabilities in common pieces of software like Adobe Acrobat, Flash, Internet Explorer, and many more.

All this makes for a firewall with too many holes. DHS is planning to address these vulnerabilities in future updates, but until then the federal network seems to be very poorly protected.