While the complete results of the Government Accountability Office (GAO) federal audit are secret, a public version containing some findings was released on Thursday.
“Until NCPS’ intended capabilities are more fully developed, DHS will be hampered in its abilities to provide effective cybersecurity-related support to federal agencies,” GAO director of information security issues, Gregory C. Wilshusen, and Nabajyoti Barkakati, director of the GAO Center for Technology and Engineering, wrote in the audit findings.
The $6 billion EINSTEIN cybersecurity program is intended to protect against online-based threats to the country’s networks, but the audit found that the DHS-sponsored program failed to protect against advanced persistent threats.
The DHS defended EINSTEIN, asserting that the firewall is only one layer of protection in a multi-layer system.
Defense One reported that EINSTEIN was able to flag, to some extent, only 6% of all the security bugs tested, or 29 out of 489 known vulnerabilities.