Johnson rebuts audit criticism on $6B Einstein defense

Jeh Johnson issued a statement Monday defending the National Cybersecurity Protection System, commonly known as Einstein, after a Government Accountability Office report said the program is limited in its capabilities and fails to protect against advanced attacks.

The technology meant to protect federal government computer networks from cyberattacks got a vote of confidence from the Secretary of Homeland Security over the weekend, despite an audit that found the system falls well short of its objectives.

Jeh Johnson issued a statement Saturday defending the $6 billion National Cybersecurity Protection System, commonly known as Einstein, after a Government Accountability Office report last week said the program is limited in its capabilities and cannot protect against advanced attacks.

In the statement, Johnson says DHS has been aggressive in covering the federal government’s digital infrastructure with the third version of Einstein — known as Einstein 3A — with the tool proving “invaluable” in a number of breach investigations.

According to Johnson, Einstein 3A now covers about half of the federal government, and has blocked 700,000 attacks.


He added that “[u]nlike commercial products, Einstein 3A can rely upon classified information, so the government is protected against our most sophisticated adversaries.”

“DHS will continue to ensure that every department and agency to which Einstein 3A is now available is in fact protected by the program in the near future,” Johnson said. “I have communicated directly to cabinet members to ensure that we collectively prioritize this. Recognizing the importance of Einstein, Congress has also mandated that all federal civilian agencies participate in the program by the end of 2016.”

Johnson did not dispute any of the report’s findings, remarking that the system is not a “silver bullet.” To stop new forms of attack, Johnson has directed DHS to build new capabilities that will sit atop the current version of Einstein.

Even before the audit, there was skepticism from many observers about the system. Even cyber officials inside DHS have acknowledged that Einstein is more than a decade removed from being state-of-the-art.

“Einstein 3A is really where we needed to be 15 years ago,” said Greg Touhill, deputy assistant secretary of cybersecurity operations and programs at DHS said at a Chertoff Group event in November. “In my personal view, we are a little lean on this capability.”


Einstein has cost $1.8 billion through fiscal year 2014, with the program expected to top $6 billion in costs by the end of its life cycle in 2018.

Contact the reporter on this story via email at, or follow him on Twitter at @gregotto. His OTR and PGP info can be found hereSubscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here:

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts