Cybersecurity

GAO to DHS: Intrusion detection system fails to meet expectations

Only a fraction of the agencies required to use the National Cybersecurity Protection System do so, according to a new report, which also stated that the system is lacking in its intrusion and prevention capabilities anyway.

Although all 23 agencies required to implement intrusion detection capabilities had routed some traffic through the $1.2 billion system, known as NCPS or Einstein, only five received intrusion prevention services, according to a January Government Accountability Office report (pdf). But moreover, the Homeland Security Department needs to do more to beef up the system, GAO said.

For instance, NCPS gives the department some ability to detect potentially malicious activity affecting federal computer networks by comparing network traffic to known malicious signatures, but it does not find new or unknown patterns of threatening data, nor does the system monitor all types of network traffic, GAO found.