Michigan and the Feds Try Sharing Cyber-Security Tools

The experiment could help states cut the cost of protecting sensitive government information.
March 2010
By Steve Towns

Protecting the information stored in government computer systems is one of the tougher challenges facing state and local agencies. Cyber-criminals grow more sophisticated by the day, and your defense against a cyber-attack is only as good as your weakest link. Add the fact that IT security spending has stagnated in many jurisdictions thanks to the recession, and you have a recipe for potential disaster.

All of that is what makes an experimental partnership between Michigan and the U.S. Department of Homeland Security (DHS) so intriguing. In December 2009, Michigan IT officials announced that they had begun using the federal government's Einstein 1 network monitoring system to watch for suspicious activity in executive branch computer networks.

Einstein 1 looks at where network traffic comes from, where it's going and what kind of traffic it is - and collects that information for analysis by the United States Computer Emergency Readiness Team (US-CERT), a public-private group of cyber-security experts operated by the DHS. Federal executive branch agencies already use the system, and the 12-month Michigan pilot marks the first attempt to extend the system to state government.

Michigan CIO Ken Theis says sharing resources like Einstein 1 could help cut the cost of protecting sensitive government information. "They're extending this technology out to us. So rather than us needing to make these investments, we're leveraging the investment they've already made," he says. "That allows us to continue to increase our security capabilities."

Michigan is no slouch when it comes to data protection. It added extensive security measures during an initiative to consolidate state government technology systems. But the Einstein experiment gives the state access to global cyber-security analysis conducted by the US-CERT. The feds benefit, too, by getting a more complete picture of potential threats hitting government computers. "It's a win-win," says Theis. "To me, there's not a greater example of collaboration and shared services."

But just because sharing security resources makes sense doesn't mean it's easy. Michigan's Department of Information Technology spent more than a year hammering out details with the DHS. Among the sticking points: reconciling state and federal laws on data security and privacy, determining what types of information can be shared between the state and DHS, and figuring out how to handle Freedom of Information Act requirements.

The DHS will evaluate the project after 12 months and assess its future, and is careful to point out that Einstein 1 does not read the content of e-mail and other messages traveling through Michigan computer networks. Instead, the system examines "network flow records" that merely show peripheral data about traffic entering and leaving state computers.

Theis acknowledges that if the program were to expand, giving the feds access to state computer systems could cause heartburn in some statehouses and among privacy advocates. "They [DHS] are trying to keep this a security issue, not a political issue," he says.

But if the experiment succeeds, it could pave the way for greater sharing of cyber-security resources among state, local and federal government - and give better protection against increasingly sophisticated cyber-criminals.