Einstein (US-CERT Program) - Mandate

Mandate

Einstein is the product of U.S. congressional and presidential actions of the early 2000s, including the E-Government Act of 2002, which sought to improve U.S. government services on the Internet. Originating at the National Institute of Standards and Technology and subsequently moved to the General Services Administration, the Federal Computer Incident Response Capability (FedCIRC) was one of four watch centers that were protecting federal information technology when the act designated it the primary incident response center. With FedCIRC at its core, US-CERT formed in 2003 as a partnership between the newly created DHS and the CERT Coordination Center, which is at Carnegie Mellon University and funded by the U.S. Department of Defense. US-CERT delivered Einstein to meet statutory and administrative requirements that DHS help protect federal computer networks and the delivery of essential government services. Einstein was implemented to determine whether the government was under cyber attack. It did this by collecting flow data from all civilian agencies and comparing that flow data to a baseline. If one agency reported a cyber event, the 24/7 Watch at US-CERT could look at the incoming flow data and assist resolution. If one agency was under attack, the US-CERT Watch could quickly look at other agency feeds to determine whether the attack was across the board or isolated.

Einstein's mandate originated in the Homeland Security Act and the Federal Information Security Management Act, both in 2002, and in Homeland Security Presidential Directive (HSPD) 7, which was issued on December 17, 2003. On November 20, 2007, "in accordance with" an Office of Management and Budget (OMB) memo, Einstein version 2 was required for all federal agencies, "not to include" the Department of Defense and United States Intelligence Community agencies in the executive branch.
