The ABC’s of Cyberwarfare

March 10, 2011

A great article in the Christian Science Monitor this week provides some insight into one of the lesser-known tools in the federal government’s arsenal of cyber defense, the National Cybersecurity and Communications Integration Center’s EINSTEIN 2 system. For those who don’t know, the NCCIC (pronounced “en-kick” — because it can’t be a government program if it doesn’t have an acronym!) is the division of the Department of Homeland Security (DHS) that provides perhaps the most compelling evidence yet that the U.S. government is serious about cybersecurity — the EINSTEIN program unifies security monitoring across federal technology infrastructure, including the DHS, FBI, DOD, and NSA.

The EINSTEIN 2 infrastructure is massive, consisting of thousands of servers and a multitude of network infrastructure devices, all wrapped in a 7x24x365 fully-manned SOC with global visibility. So, as a prudent citizen might ask, why are we spending this kind of money? Well, EINSTEIN is looking for large-scale patterns over time where things are “not normal” from a security standpoint, rather than matching individual events against known signatures. As the CSM article points out, the threats are real, and they’re rife. The STUXNET worm, for example — which I personally believe represents the first salvo in complex-payload, multi-vector malware that we’ve ever seen on a decent scale — has already been deconstructed by an Egyptian student, and key components of the analysis posted to his blog. Large-scale security threats — such as when Estonia’s Internet and banking communications infrastructure was cut off in 2009, or more recently, where nations such as Egypt and Iran have eliminated Internet and communications infrastructure connectivity en masse to their citizens — are real, tangible examples of cyberwarfare, and the problem is only going to get worse with time. Programs such as EINSTEIN are going to be the front line of defense for early detection and elimination of broad, pattern-based and advanced persistent threats that can’t be encapsulated in a simple signature.
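To make the “not normal” versus “simple signature” distinction concrete, here is a small added illustration (my own example, not EINSTEIN code and not describing how EINSTEIN actually works). It runs two detectors over a constructed set of hourly outbound-flow records: an exact-match indicator list, and a per-host baseline that flags an hour whose outbound volume deviates far from that host’s own history. The host names, IP addresses, byte counts, the indicator list and the z-score threshold are all constructed for the example.

```python
"""Signature matching versus baseline ("not normal") detection over
constructed flow records. Added illustration; not EINSTEIN code."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed records: (hour, source_host, destination_ip, bytes_out).
# Hours 0-5 are the "known normal" window; hour 6 is the hour under review.
FLOWS = [
    (0, "ws-01", "203.0.113.10", 1000), (1, "ws-01", "203.0.113.10", 1200),
    (2, "ws-01", "203.0.113.10", 1100), (3, "ws-01", "203.0.113.10", 900),
    (4, "ws-01", "203.0.113.10", 1300), (5, "ws-01", "203.0.113.10", 1000),
    (0, "ws-02", "203.0.113.20", 400), (1, "ws-02", "203.0.113.20", 600),
    (2, "ws-02", "203.0.113.20", 500), (3, "ws-02", "203.0.113.20", 450),
    (4, "ws-02", "203.0.113.20", 550), (5, "ws-02", "203.0.113.20", 500),
    # Hour under review: ws-01 pushes 48 KB to an address no signature lists,
    # ws-02 stays ordinary, and ws-03 has never been seen before.
    (6, "ws-01", "203.0.113.77", 48000),
    (6, "ws-02", "203.0.113.20", 560),
    (6, "ws-03", "203.0.113.10", 300),
]

# Constructed indicator list standing in for a signature feed.
KNOWN_BAD_IPS = {"203.0.113.99"}


def signature_hits(flows, bad_ips=KNOWN_BAD_IPS):
    """Exact-match detection: a flow is flagged only if its destination is listed."""
    return [f for f in flows if f[2] in bad_ips]


def hourly_totals(flows):
    """Aggregate outbound bytes per (host, hour)."""
    totals = defaultdict(int)
    for hour, host, _dst, nbytes in flows:
        totals[(host, hour)] += nbytes
    return totals


def baseline_anomalies(flows, baseline_hours, review_hour, z_threshold=3.0):
    """Flag hosts whose volume in review_hour deviates from their own baseline.

    Returns {host: z_score} for hosts above z_threshold, and {host: None}
    for hosts with no baseline at all (a never-seen host is itself 'not normal').
    """
    totals = hourly_totals(flows)
    per_host = defaultdict(list)
    for (host, hour), nbytes in totals.items():
        if hour in baseline_hours:
            per_host[host].append(nbytes)

    findings = {}
    for (host, hour), nbytes in totals.items():
        if hour != review_hour:
            continue
        history = per_host.get(host)
        if not history:
            findings[host] = None
            continue
        # Floor the spread so a perfectly flat baseline does not turn a
        # trivial change into a division by zero or an absurd z-score.
        spread = max(pstdev(history), 1.0)
        z = (nbytes - mean(history)) / spread
        if z > z_threshold:
            findings[host] = round(z, 1)
    return findings


if __name__ == "__main__":
    print("signature hits:", signature_hits(FLOWS))
    print("baseline anomalies:", baseline_anomalies(FLOWS, range(6), 6))
```

On this input the signature check returns nothing, because the 48 KB transfer goes to an address that is not on the list, while the baseline check flags ws-01 with a very large z-score and reports ws-03 as having no history, and leaves ws-02 alone. That is the whole point of a situational-awareness approach: the event is caught because it is unlike what the host normally does, not because anyone had written a rule for it in advance. The trade-off is tuning: the threshold and the baseline window decide how many benign changes (a backup job, a new workstation) get surfaced alongside real ones.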

We at eIQ think that the EINSTEIN program is important, because it demonstrates a real-world, massive-scale situational awareness solution — and validates the importance of the concept. Of course, the problem with EINSTEIN 2 is its scope; it’s designed to look at large, federal infrastructure, including U.S. technology assets located in foreign nations, as well as battlefield technologies. No doubt this is a good thing — but it isn’t very useful for organizations outside the scope of the federal space. <shameless_plug>Fortunately, organizations can acquire their own situational awareness solution that doesn’t require (literally!) an Act of Congress.</shameless_plug>
