by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : October 2014
Cybersecurity 20 October 2014 FCW.COM mittee, one of several congressional committees with jurisdiction over DHS, said department officials were prompt in briefing committee members on the nature of the Heartbleed threat. But in this case, word of the threat got out much quicker than DHS could deploy Einstein to address it. In July, the House passed the kind of legislation that senior DHS officials have long been calling for. The National Cybersecurity and Critical Infrastruc- ture Protection Act would codify and enhance NCCIC as the hub for sharing threat information across sectors. The bill, which now sits before the Senate Homeland Security and Governmental Affairs Committee, will compete with several other measures for lawmakers’ attention during the lame-duck session this fall. However, a committee aide expressed optimism that bipartisan support for doing something on cyber- security would help the bill’s chances. Too big a piece of the puzzle? Einstein is a central piece of DHS’ cyber defense. Indeed, some experts warn that it could be too central to the effort. John Pirc, a former cybersecurity researcher at the CIA and until recently chief technology officer at IT testing organization NSS Labs, said he believes DHS might be making a mistake by relying so heavily on Einstein. The kind of intrusion-detection systems Einstein uses are “typically myopically focused on exploits,” Pirc said. “If you have a pared-down list of known vulnerabilities or exploits...are those current or are those legacy? And the reason why that’s important is that the adversary is not always going to be using new techniques. They’re going to use old stuff...for the mere fact of trying to evade the system.” Pirc argues that Einstein’s signa- ture-based security technologies “only know what they’re being told to look for” and don’t address much of the encrypted traffic on networks. He said the program is helping the government improve its cybersecurity posture, but “where I think Einstein is falling short... is you’re using technology that is only solving a fraction of the problem.” Ken Durbin, manager of Symantec’s Continuous Monitoring and Cyberse- curity Practice, said it is important not to think of Einstein as a silver bullet for the government’s cybersecurity vul- nerabilities but as one of an arsenal of weapons. “I’ve heard several times that cyber- security isn’t like finding a needle in a haystack. It’s like finding a dirty needle in a pile of needles,” he said. “And any tool that you can use to pull out some of those needles to reduce the scope of your search is effective and useful.” Symantec, one of the largest infor- mation security firms in the world, was unsuccessful in its bid to have DHS use the firm’s data repository to feed into Einstein, but Durbin said he gained intimate knowledge of the program in pursuit of that work. In separate interviews, Durbin and Zitz described Einstein as a founda- tional tool for threat detection that complements another pillar of DHS’ cybersecurity work: the Continuous Diagnostics and Mitigation program. Congress established CDM as a risk- based approach to cybersecurity that uses sensors to detect weaknesses on agency networks and send alerts to local dashboards. Whereas Einstein addresses network traffic, CDM scans AUGUST-SEPTEMBER 2013 The Syrian Electronic Army, a hacking group aligned with President Bashar al-Assad, threatens cyberattacks on U.S. assets. DHS’ Office of Intelligence and Analysis and its National Protection and Programs Directorate show improved coordination with each other in responding to the threat. DECEMBER 2013 Jeh Johnson is sworn in as DHS secretary. Since then, Johnson has shown a keen interest in having Congress pass multiple cybersecurity bills and lobbied them to do so in a recent opinion piece. The Department of Homeland Security was created in 2002 and began deploying Einstein — an intrusion-detection system designed to offer the government a snapshot of federal civilian networks — in 2005. A glance at the past 15 months, however, shows how rapidly the cyber landscape is shifting. DHS and cybersecurity through the years “Subject-matter experts and technical experts who are inside of government ... are extremely valuable and sought after in the private sector as well.” — Rob Zitz, Leidos
September 30, 2014
November and December 2014