Does Einstein need a post-SolarWinds makeover?

On day one of Alejandro Mayorkas’ tenure as secretary of the Department of Homeland Security, if he’s confirmed as expected, he’ll be under pressure from Congress to deliver answers about why the federal government’s cybersecurity measures failed to detect or defend against the SolarWinds Orion hack.

Mayorkas promised at his confirmation hearing to review the agency’s high-profile cybersecurity programs, including the network protection program Einstein, which is a key component of the National Cybersecurity Protection System.

[…]

Philip Reitinger, president and CEO of the Global Cyber Alliance, said, “The challenge with detecting activity like the SolarWinds hack is that the hack is accomplished through ‘authorized’ malware.”

To detect that malware, a defensive system would either have to deny all communications that are not explicitly whitelisted or establish a user activity baseline capable of singling out abnormalities for investigators to pursue. “That can be difficult to do and resource intensive,” he added.

Read the entire article at Federal Computer Week.