How much safety does $5.7 billion in government spending on cybersecurity buy taxpayers? According to information in a new federal audit of the Department of Homeland Security’s National Cybersecurity Protection System, it doesn’t buy much.
The Government Accountability Office revealed in its report that the nationwide firewall, dubbed EINSTEIN by DHS insiders, was implemented and managed pretty stupidly by government bureaucrats working for America’s vast post-9/11 security machine.
EINSTEIN was developed by the Department of Homeland Security to serve as a government-grade firewall to keep hackers, foreign spies and other potential evildoers from getting into federal computer networks. Unfortunately, the GAO reported, the DHS software is probably far less capable of guarding against malicious attacks than software the government has already bought from commercial providers. In other words, spending a couple thousand dollars on a business-grade network security system offers more protection than the $5.7 billion boondoggle.
Among the problems outlined in the report, EINSTEIN can’t:
- Conduct broad monitoring for unusual network activity
- Monitor cloud services to guard against data breaches
- Keep track of malicious content in web traffic
- Uncover malware once it makes it into a system
According to the report, the DHS program is capable of recognizing and protecting networks against just 6 percent of today’s most common hacking threats. Even a top DHS official admitted that the software is only equipped to handle the cybersecurity demands of 15 years ago.
The system is so bad that of the 23 government agencies that are supposed to be using EINSTEIN, only five trusted it enough to use the system as a defense against hackers.
In response to the GAO report, DHS officials essentially said the system sucks because they were only asked to do the bare minimum: “[I]t is the responsibility of each agency to ensure their networks and information systems are secure while it is the responsibility of DHS to provide a baseline set of protections and government-wide situational awareness, as part of a defense-in-depth information security strategy.”
Meanwhile, headlines about massive government data breaches emerge daily. On Monday, hackers released detailed contact information for 20,000 FBI employees. That breach followed a similar data dump involving 10,000 DHS employees a day earlier.
President Barack Obama wants to fix the problem by increasing government cybersecurity spending by 35 percent, to about $19 billion, in fiscal 2017.