EINSTEIN Arrives: Should the DHS Cybersecurity System be Available to All Federal Agencies? (S. 1869)
Do you support or oppose this bill?
What is S. 1869?
(Updated March 15, 2018)
This bill seeks to improve federal network security by mandating that federal agencies adopt cybersecurity best practices, and accelerating the use of the Dept. of Homeland Security’s (DHS) intrusion detection and prevention system across the federal government. It responds to several high profile hacks at the Office of Personnel Management (OPM) and the Dept. of Defense (DOD) which compromised the personal information of federal employees and contractors.
Among the newly mandated cybersecurity controls that federal agencies must implement are two-factor authentication and encryption for sensitive systems. DHS and the Office of Management and Budget (OMB) would be required to do a comprehensive assessment of active breaches in federal networks to hunt down and remove intruders.
The DHS intrusion detection and prevention system known as EINSTEIN would made available to other federal agencies following uncertainty whether other agency could deploy the technology. EINSTEIN would be further strengthened by the addition of advanced cyber technologies including commercial tools. Agencies would be required to implement the system within one year of this bill’s enactment. Privacy protections for the system along with transparency and accountability concerns would be addressed in annual status reports to Congress.
All of these requirements would sunset after seven years, while both DHS and OMB would be subject to ongoing reporting to Congress on the implementation of the EINSTEIN system.
Argument in favor
There have been too many significant breaches of federal networks, which point to a lack of urgency towards cyber security in the affected agencies. Requiring the adoption of DHS security systems should help prevent future breaches.
Argument opposed
Regardless of what network security system federal agencies use, there will always be breaches because there are highly motivated people that want to break into those networks. If EINSTEIN gets breached, it could affect every agency using the system.
Impact
Federal employees and contractors whose information could be compromised by future breaches, federal agencies that haven’t adopted EINSTEIN for network security yet, DHS, OMB, DOD, and Congress.
Cost of S. 1869
A CBO cost estimate is unavailable.
Additional Info
In-Depth: This bill’s sponsor — Sen. Tom Carper (D-DE) — called the EINSTEIN program a “valuable tool that can help agencies detect and block cyber threats before they can cause too much harm.” Sen. Ron Johnson (R-WI), the lead cosponsor, added that had the system been in place it “likely would have stopped the hack of the Office of Personnel Management.”
This bill was approved unanimously by the Senate’s Homeland Security and Governmental Affairs Committee, and has received strong support from the Dept. of Homeland Security. The Secretary of DHS Jeh Johnson said that this is a “vital piece of legislation” and praised the enhanced security measures it would require.
Of Note: When the Office of Personnel Management was hacked — allegedly by China — it compromised the personal information of over 21.5 million people who work for or applied for jobs within the federal government.
That breach was followed by a hack of the Department of Defense’s email servers, which gave the intruder — believed to be Russia — access to Pentagon worker’s emails. It also wasn’t the first time the DOD’s networks have been breached in 2015, after Russia hacked into its unclassified network in April.
Media:
- Sponsoring Sen. Tom Carper (D-DE) Press Release
- Cosponsoring Sen. Ron Johnson (R-WI) Summary
- Senate Homeland Security and Governmental Affairs Committee Press Release
- ExecutiveGov
- FCW
- Dept. of Homeland Security (In Favor)
(Photo Credit: Flickr user medithIT)
The Latest
-
IT: Ireland, Norway, and Spain recognize an independent Palestine, and... 📱Should the govt do more to regulate social media?Welcome to Thursday, May 23rd, associates... Ireland, Norway, and Spain announced that they will formally recognize an read more...
-
EU Investigates Meta for Addictive Effects on ChildrenUpdated May 22, 2024 The European Union opened up an investigation into Meta , the U.S.-based social media giant, for the read more... Children
-
The Latest: Ireland, Norway, and Spain To Recognize a Palestinian StateUpdated May 22, 2024, 12:00 p.m. Ireland, Norway, and Spain announced that they will formally recognize an independent read more... Israel
-
IT: Ultraconservative Iranian president dies unexpectedly, and... How do you feel about the U.S.'s response to the Israel-Hamas war?Welcome to Tuesday, May 21st, worker bees... Iranian President Ebrahim Raisi died in a helicopter crash, state media announced read more...