theregister | The US government's firewall, named Einstein, is not as smart as its name would suggest.
A report [PDF] by the General Accounting Office (GAO) into the National Cybersecurity Protection System (NCPS) has concluded that it is only "partially meeting its stated system objectives." Which is a polite way of saying it sucks.
Among the extraordinary pieces of information to emerge are the fact that the system – which has cost $5.7bn to develop – does not monitor web traffic for malicious content, just email. It can't uncover malware on a system and it doesn't monitor cloud services either.
The system also carries out only signature-based threat assessment and intrusion detection i.e. it's a dumb terminal waiting to be told what to find rather than looking for unusual activity. And that means it is wide open to zero-day attacks.
If that wasn't enough, the department behind the system – the Department of Homeland Security (DHS) – hasn't included anything to measure the system's own performance so it doesn't even know if it's doing a good job or not. And it is failing to ask for or share information with other agencies, effectively making it blind.
It is hardly surprising then that the uptake of Einstein has not exactly been stellar. The report notes that federal agencies have adopted the NCPS "to varying degrees."
There are 23 agencies that are actually required to implement the system but the GAO found that while those agencies were routing "some" traffic to the system, only five of them were using the system to deal with possible intrusions.
"This occurred in part because DHS has not provided network routing guidance to agencies," the report notes. "As a result, DHS has limited assurance regarding the effectiveness of the system."
Which is a roundabout way of saying that sysadmins want nothing to do with it.
0 comments:
Post a Comment