DHS/NPPD/PIA-008

Citation
Department of Homeland Security, EINSTEIN 2 (DHS/NPPD/PIA-008) (May 19, 2008) (full-text).

Overview
The original PIA for EINSTEIN 1, dated September 2004, explained that EINSTEIN 1 analyzes network flow information from the networks of participating federal civilian Executive Branch agencies and provides a high-level perspective from which to observe potential malicious activity in those agencies' network traffic.

The updated version, EINSTEIN 2, incorporates network intrusion detection technology capable of alerting NCCIC/US-CERT to the presence of malicious or potentially harmful computer network activity in federal civilian Executive Branch agency network traffic. EINSTEIN 2 principally relies on commercially available intrusion detection capabilities to increase the situational awareness of US-CERT.