Einstein 3 is the Federal Government’s expanded system for protecting Federal cyber networks through the inspection of all traffic heading to Federal networks. It is both an intrusion detection and an intrusion prevention system that operates at the gateways to the Federal networks, outside the Federal system on the private networks of TICs (Trusted Internet Connections). Though generally considered unproblematic (since the traffic is all headed to the Federal government), the use of Einstein 3 still raises some interesting privacy questions. For those following the topic, then, today’s announcement from the DHS Privacy Office is worth noting:
The EINSTEIN 3 Accelerated (E3A) Privacy Impact Assessment (PIA) was posted on the DHS Privacy Office website today.
Similar to EINSTEIN 1 and EINSTEIN 2, DHS will deploy E3A to enhance cybersecurity analysis, situational awareness, and security response. With E3A, DHS will not only be able to detect malicious traffic targeting Federal Government networks, but also prevent malicious traffic from harming those networks. DHS will accomplish this through intrusion prevention capabilities delivered as a Managed Security Service provided by Internet Service Providers (ISP). Under the direction of DHS, ISPs will administer intrusion prevention and threat-based decision-making on network traffic entering and leaving participating federal civilian Executive Branch agency networks.
I also encourage you to read the attached National Cybersecurity Protection Services (NCPS) PIA, published July 30, 2012, which serves as a programmatic PIA for the NCPS suite of capabilities, including E3A. The NCPS provides the technical foundation for US-CERT activities and is an integrated system for intrusion detection, analysis, intrusion prevention, and information sharing capabilities that are used to defend the federal civilian government’s information technology infrastructure from cyber threats.