According to a recent GAO report, the Department of Homeland Security’s (DHS) National Cybersecurity Protection System, commonly referred to as EINSTEIN, is not meeting its stated objectives. The purpose of EINSTEIN is to protect federal civilian executive branch agencies from cyber attacks. EINSTEIN monitors traffic to and from these agencies to identify malicious activity, serves as an intrusion detection system, and provides DHS with threat information that can be used to help both the government and the private sector to manage cyber risk. EINSTEIN uses a signature-based intrusion detection system that compares network traffic to known malicious behavior (signatures). The GAO report noted that while a signature-based system is capable of preventing attacks from known threats, it is not structured to prevent against unknown attacks, such as “zero days” that exploit an existing vulnerability in a product. The GAO report also noted that DHS had not yet fully developed the tools for information sharing, such as tools that will notify affected entities of suspected malicious activity.  In response to the GAO report, representatives from DHS stated that the program has been effective in identifying significant incidents and has improved detection of hackers within the system. DHS representatives also emphasized that EINSTEIN is intended to be one of many tools used by the federal government to prevent and detect against cyber attacks.  In his recent budget proposal, President Obama requested $471.1 million for EINSTEIN to enable the system to maintain its current capabilities and invest in new technologies and analytics.