By Steven M. Bellovin*, Scott O. Bradner**, Whitfield Diffie***, Susan Landau****, and Jennifer Rexford*****
In an effort to protect its computer systems from malevolent actors, the U.S. government has developed a series of intrusion-detection and intrusion-prevention systems aimed at monitoring and screening traffic between the internet and government systems. With EINSTEIN 3, the government now may seek to do the same for private critical infrastructure networks. This Article examines the practical considerations surrounding EINSTEIN 3 that indicate the program is unlikely to be effective in that setting. Considering differences in scale, the inability to dictate hardware and software choices to private parties, and the different regulatory framework governing government action in the private sector, this Article discusses why the government may be unable to implement EINSTEIN 3 effectively across the private networks serving critical infrastructure. Looking at what EINSTEIN aims to protect, what it is capable of protecting, and how privacy considerations constrain the possible solutions, this Article offers suggestions for amending the EINSTEIN program to better protect critical infrastructure.
* Professor, Department of Computer Science, Columbia University. ** University Technology Security Officer, Harvard University. *** Vice President for Information Security, ICANN and Visiting Scholar, Center for International Security and Cooperation, Stanford University. **** Written while Elizabeth S. and Richard M. Cashin Fellow, Radcliffe Institute for Advanced Study, Harvard University (2010–2011); currently Visiting Scholar, Department of Computer Science, Harvard University. ***** Professor, Department of Computer Science, Princeton University.