In today's Politico, David Perera reports a delay in the implementation of Einstein 3 [http://www.politico.com/story/2014/11/federal-cybersecurity-plan-stalls-113044.html], which has had more delays than any computer security project in recent years. Putting DHS in charge of anything computer related is always an interesting experience, but their inability to get capability from money is probably the most telling.
If you ever wanted to know what Einstein 3 was, you need only look at the publicly posted Privacy Impact Statement at [http://www.dhs.gov/sites/default/files/publications/privacy/PIAs/PIA%20NPPD%20E3A%2020130419%20FINAL%20signed.pdf].
Why they thought it necessary to publish this much about the program is beyond understanding, especially when it says the impact to privacy by this deep-packet inspection program borders on the non-existent. This totally bogus argument is beyond any rational understanding of what deep-packet inspection means, or how it is used.
The delay in implementation is caused by an interesting two-year reluctance on the part of AT&T to buy into using the system on their networks. CenturyLink and Verizon have both agreed to do it.
AT&T has used the old standby of liability to describe their foot dragging. This same argument was used to kill the last bill to allow information sharing between commercial companies, only in this circumstance, they could have a better case. What ISP wants to use a system that was developed by a number of different government contractors, and automatically responds and mitigates intrusions? There are far too many variables in this kind of thing to do that in networks as big as the ones at the Federal level. Maybe AT&T is right, but if so, they should bow out and not participate. Maybe that $3 Billion was too much for them to ignore.
I remember the start of this Einstein program back in the 2007 time-frame. A 7-year implementation of anything in IT is doomed. The technology is outdated by the time it is deployed. Why DHS was content to "negotiate" with AT&T for 2 years is beyond understanding. Why they spend 7 years upgrading is also.
GAO needs to get in there and find out what is going on, as they did in 2010 when they said "Agencies that participated in Einstein 1 improved identification of incidents and mitigation of attacks, but DHS will continue to be challenged in understanding whether the initiative is meeting all of its objectives because it lacks performance measures that address how agencies respond to alerts." Doesn't sound like much has changed. Where that $3 Billion is going is a mystery worth looking into.