Where do you stand?

senate Bill S. 1869

EINSTEIN Arrives: Should the DHS Cybersecurity System be Available to All Federal Agencies?

Argument in favor

There have been too many significant breaches of federal networks, which point to a lack of urgency towards cyber security in the affected agencies. Requiring the adoption of DHS security systems should help prevent future breaches.

operaman's Opinion

···

08/10/2015

Hell yes! Great idea to have a common central Cyber-database. I'll personally pay for it myself right after I hack the Federal Reserve. Kinda sounds like that common radio frequencies supported post 2001 Twin Tower attack. Haven't heard how that's working out. Have you?

Like (4)

Alis's Opinion

···

08/24/2015

The federal government is pitifully underfunded in the area of technology--only the worst will do. It doesn't make sense to expect government to function adequately (or protect the data of the citizenry) without decent equipment. EVERY AGENCY NEEDS IT NOW!

Like (2)

jrs333's Opinion

···

08/12/2015

That is why the DHS was created, to be a warehouse of security information. So let's make it available.

Like (1)

Argument opposed

Regardless of what network security system federal agencies use, there will always be breaches because there are highly motivated people that want to break into those networks. If EINSTEIN gets breached, it could affect every agency using the system.

Marvin's Opinion

···

08/23/2015

I think having only one could make us more vulnerable. I think we should hire hackers to hack the hackers.

Like (4)

Seeya's Opinion

···

08/30/2015

Disband the DHS, they've done nothing but make every law abiding American a potential terrorist.

Like (3)

TDJCatholicBlogger's Opinion

···

08/21/2015

This a very complex issue, but I will say that, for the moment, to have a single system protecting all government agencies would mean that once it's taken down for one agency, all agencies would become vulnerable. Perhaps a "both it and more" approach would be more resilient.

Like (3)

What is Senate Bill S. 1869?

This bill seeks to improve federal network security by mandating that federal agencies adopt cybersecurity best practices, and accelerating the use of the Dept. of Homeland Security’s (DHS) intrusion detection and prevention system across the federal government. It responds to several high profile hacks at the Office of Personnel Management (OPM) and the Dept. of Defense (DOD) which compromised the personal information of federal employees and contractors.

Among the newly mandated cybersecurity controls that federal agencies must implement are two-factor authentication and encryption for sensitive systems. DHS and the Office of Management and Budget (OMB) would be required to do a comprehensive assessment of active breaches in federal networks to hunt down and remove intruders.

The DHS intrusion detection and prevention system known as EINSTEIN would made available to other federal agencies following uncertainty whether other agency could deploy the technology. EINSTEIN would be further strengthened by the addition of advanced cyber technologies including commercial tools. Agencies would be required to implement the system within one year of this bill’s enactment. Privacy protections for the system along with transparency and accountability concerns would be addressed in annual status reports to Congress.

All of these requirements would sunset after seven years, while both DHS and OMB would be subject to ongoing reporting to Congress on the implementation of the EINSTEIN system.

Impact

Federal employees and contractors whose information could be compromised by future breaches, federal agencies that haven’t adopted EINSTEIN for network security yet, DHS, OMB, DOD, and Congress.

Cost of Senate Bill S. 1869

A CBO cost estimate is unavailable.

More Information

In-Depth: This bill’s sponsor — Sen. Tom Carper (D-DE) — called the EINSTEIN program a “valuable tool that can help agencies detect and block cyber threats before they can cause too much harm.” Sen. Ron Johnson (R-WI), the lead cosponsor, added that had the system been in place it “likely would have stopped the hack of the Office of Personnel Management.”

This bill was approved unanimously by the Senate’s Homeland Security and Governmental Affairs Committee, and has received strong support from the Dept. of Homeland Security. The Secretary of DHS Jeh Johnson said that this is a “vital piece of legislation” and praised the enhanced security measures it would require.

Of Note: When the Office of Personnel Management was hacked — allegedly by China — it compromised the personal information of over 21.5 million people who work for or applied for jobs within the federal government.

That breach was followed by a hack of the Department of Defense’s email servers, which gave the intruder — believed to be Russia — access to Pentagon worker’s emails. It also wasn’t the first time the DOD’s networks have been breached in 2015, after Russia hacked into its unclassified network in April.

Media:

Summary by Eric Revell
(Photo Credit: Flickr user medithIT)

AKA

Federal Cybersecurity Enhancement Act of 2016

Official Title

A bill to improve Federal network security and authorize and enhance an existing intrusion detection and prevention system for civilian Federal networks.

bill Progress

Not enacted
The President has not signed this bill
The house has not voted
The senate has not voted
IntroducedJuly 27th, 2015

Bill Data

Issues

Committees

Committee on Homeland Security and Governmental Affairs

Sponsor

Sen Thomas Carper

(D - DE)

1 Cosponsor

Introduced 07/27/2015

Full text of Bill

operaman's Opinion In Favor

···

08/10/2015

Like (4)

Marvin's Opinion Against

···

08/23/2015

I think having only one could make us more vulnerable. I think we should hire hackers to hack the hackers.

Like (4)

TDJCatholicBlogger's Opinion Against

···

08/21/2015

Like (3)

Seeya's Opinion Against

···

08/30/2015

Disband the DHS, they've done nothing but make every law abiding American a potential terrorist.

Like (3)

Alis's Opinion In Favor

···

08/24/2015

Like (2)

MacManX's Opinion Against

···

02/03/2016

While certainly appealing on many levels, this would essentially create a single point of failure for our government's network security, and single points of failure are never a good thing.

Like (2)

Sabra18's Opinion Against

···

08/19/2015

Never put all your eggs in one basket.

Like (1)

John's Opinion In Favor

···

08/13/2015

Common sense. Sadly, this just highlights how incompetent our government is. EVERY SINGLE AGENCY SHOULD HAVE INTRUSION DETECTION AND PREVENTION, IDENTITY MANAGEMENT, FIREWALLS, FRAUD DETECTION AND EVERY OTHER TECHNOLOGY AVAILABLE TO SECURE OUR GOVERNMENT NETWORKS FROM ATTACK. The fact that other agencies don't already have these in place is mind shatteringly outrageous. DHS is a MUCH newer organization than the rest of the Government. They should be implementing solutions already in place at the FBI, CIA, NSA, etc.; not the other way around. If this does not lead to the wide spread termination of every leader and Sr. Security Architect across every agency in the government, it would be a tragic mistake.

Like (1)

jrs333's Opinion In Favor

···

08/12/2015

That is why the DHS was created, to be a warehouse of security information. So let's make it available.

Like (1)

Patrick's Opinion Against

···

08/14/2015

The more different systems in use the less likely a major breach

Like (1)

Mart's Opinion Against

···

08/10/2015

DHS? Come on that dept should be eliminated, not spread!

Like (1)

Berl's Opinion In Favor

···

08/24/2015

Federal government is loosing the cyber war, time to defend themselves better.

Like (1)

Curmudgeon's Opinion In Favor

···

08/10/2015

If there is any unbreached database anywhere it would be good to attempt to firewall it ASAP .

Like (1)

Stephen 's Opinion Against

···

03/06/2016

This money would be better spent creating a agency that would try and breach government security. Every security system has weaknesses. The most important thing is for the government to know their weakness before the bad guys do and not have confidence in their system

Richard's Opinion Against

···

02/18/2016

Proper standards need to be negotiated and implemented.

Randall's Opinion Against

···

03/01/2016

It is costly, and does the Department of Agriculture have anything that justifies that level of security?

Brightstarbeing's Opinion Against

···

03/24/2016

DHS is all but a domestic spy agency. Plus such information would not have the requirement of court orders or warrants if shared with law enforcement. I am vehemently opposed.