The Cybersecurity and Infrastructure Security Agency (CISA) plans to retire two services from Einstein, the Homeland Security Department’s cybersecurity program, because they have become outdated. The two services, which will be discontinued as of December 22, are email filtering and domain name service (DNS) sinkholing. DNS sinkholing helps protect against the use of a domain name server to communicate with compromised hosts or distribute malware, while email filtering protects against malicious file attachments and embedded links in email content.
- CISA’s decision to end these DNS services primarily stems from the fact that almost all federal civilian agencies have shifted to the Protective DNS Resolution Service over the past year.
- The transition to the cloud and commercial email services has prompted CISA to turn off these services, as commercial capabilities have improved to the point where they are as good as or better than the government’s offerings.
- CISA recommends that agencies that have yet to move their email services to the cloud consider moving to a commercial cloud provider with integrated email security services.
- CISA has clarified that the Einstein 1 (E1) and Einstein 2 (E2) services will not be discontinued. E1 monitors the flow of network traffic to and from civilian agencies and helps CISA identify potentially malicious activity. E2 identifies malicious or potentially harmful computer network activity based on specific known signatures.
CISA indicated earlier this year that some Einstein program services would end. In its 2024 budget request, CISA asked for $424.9 million for its new “Cyber Analytics and Data System”. CISA has also been working on expanding its shared services offerings, including DNS, mobile security, and a vulnerability disclosure platform. The move is also influenced by the increasingly blurred lines between government and commercial cyber services.
In conclusion, the ongoing evolution of cybersecurity threats requires constant updates to the strategies and tools used to combat them. It is crucial for organizations to stay up to date and adopt advanced solutions for adequate protection.