Can It Really Work? Problems with Extending EINSTEIN 3 to Critical Infrastructure

28 Pages Posted: 23 May 2011 Last revised: 5 Apr 2015

Steven M. Bellovin

Columbia University - Department of Computer Science

Scott O. Bradner

Harvard University

Whitfield Diffie

Stanford University - Center for International Security and Cooperation

Susan Landau

Tufts University

Jennifer Rexford

Princeton University - Department of Computer Science

Date Written: May 17, 2011

Abstract

In 2004 the increasing number of attacks on U.S. federal civilian agency computer systems caused the government to begin an active effort to protect federal civilian agencies against cyber intrusions. This classified program, EINSTEIN, sought to do real-time, or near real-time, automatic collection, correlation, and analysis of computer intrusion information as a first step in protecting federal civilian agency computer systems. EINSTEIN grew into a series of programs, EINSTEIN, EINSTEIN 2, and EINSTEIN 3, all based on intrusion-detection and intrusion-prevention systems (IDS and IPS). Then there was public discussion of extending the EINSTEIN system to privately held critical infrastructure.

Extending an EINSTEIN-like program to the private sector raises serious technical and managerial issues. Scale matters, as do the different missions of the private sector and the public one. Expanding EINSTEIN-type technology to critical infrastructure is complicated by the complex legal and regulatory landscapes for such systems. There are simply fundamental differences between communication networks supporting the U.S. federal government and those supporting the private-sector critical infrastructures that create serious difficulties in attempting to extend EINSTEIN-type technologies beyond the federal sector. This paper examines the technology's limitations, pointing out the problems involved in expanding EINSTEIN beyond its original mandate.

Suggested Citation

Bellovin, Steven M. and Bradner, Scott O. and Diffie, Whitfield and Landau, Susan and Rexford, Jennifer, Can It Really Work? Problems with Extending EINSTEIN 3 to Critical Infrastructure (May 17, 2011). Available at SSRN: https://ssrn.com/abstract=1844904 or http://dx.doi.org/10.2139/ssrn.1844904

Steven M. Bellovin

Columbia University - Department of Computer Science

New York, NY 10027
United States

Scott O. Bradner

Harvard University

1875 Cambridge Street
Cambridge, MA 02138
United States

Whitfield Diffie

Stanford University - Center for International Security and Cooperation

Susan Landau (Contact Author)

Tufts University

Medford, MA 02155
United States

Jennifer Rexford

Princeton University - Department of Computer Science

35 Olden Street
Princeton, NJ 08540
United States
