
Federal administrations addressed endpoint security within government agencies, initiating the role of the Cybersecurity and Infrastructure Security Agency (CISA).

Agencies require comprehensive oversight spanning bureaus and sub-agencies, as stated in a recent memo.

Federal administration works on securing endpoints within federal agencies, prepares Cybersecurity and Infrastructure Security Agency (CISA) for action.


The Cybersecurity and Infrastructure Security Agency (CISA) is taking significant steps to modernize its EINSTEIN system, aiming to centralize information for better visibility, attribution, and response in agency systems. The transformation comes as the world has changed since the system's inception 15 years ago, when the initial focus was on perimeter security.

CISA's revamped EINSTEIN system, part of the government's existing Endpoint Detection and Response (EDR), will now concentrate more on detecting threat activity at the endpoint and in the cloud. This move is crucial for early detection capabilities, as highlighted by the SolarWinds breach, which has led some legislators to consider EINSTEIN outdated.

Established in 2018, CISA's mission is to centralize cyber operations for federal departments and agencies. The agency's director, Jen Easterly, a renowned cybersecurity expert with a military and intelligence background, is leading this modernization effort.

Under the Biden administration, CISA now has the ability to persistently hunt for threats, thanks to the new authorities it was given through the National Defense Authorization Act (NDAA) FY2021. This authority allows CISA to work across government networks, improving early detection capabilities and creating enterprise-level visibility across bureaus and sub-agencies.

The memo follows President Joe Biden's May cybersecurity executive order, which emphasized the need for a zero trust model in federal cybersecurity. In line with this, Jen Easterly has emphasized the need for the architecture to be based on zero trust principles.

Agencies have been given a deadline of 120 days to assess their current EDR capabilities with CISA. They also have 90 days to provide CISA access to their enterprise EDR deployments or collaborate with CISA to identify future state options.

CISA's goal is to make it easier for outside organizations and companies to work with the agency. It plans to use threat analysis that only the government can provide to enrich commercial feeds with sensitive government data, strengthening the overall cybersecurity posture of both public and private sectors.

The new EDR system will provide insights into advanced persistent threats (APTs) on networks and will house the collection and monitoring of endpoint data. According to Director Easterly, this will enable CISA to make significant changes once it instantiates the EDR technology, accesses object-level data, and builds the necessary analytics.

This shift towards modernizing EDR systems is a crucial step in enhancing the U.S. federal government's cybersecurity capabilities, ensuring better protection against the evolving threat landscape.
