Purpose: The NCPS, operationally known as EINSTEIN, is an integrated system of intrusion detection, analytics, intrusion prevention, and information sharing capabilities that are used to defend the Federal Executive Branch civilian government's IT infrastructure from cyber threats. The NCPS consists of the hardware, software, supporting processes, training, and services that are being developed and acquired to support the Department's mission requirements as delineated in the CNCI and mandated in NSPD-54/HSPD-23. The NCPS provides a wide range of cyber security capabilities for the Federal Executive Branch government networks (.gov domain), including: intrusion detection (passive defense); intrusion prevention (active defense); advanced cyber analytics, such as data aggregation & correlation, visualization, malware analysis, and packet capture; incident management; and information sharing and collaboration.
Goals: Improve detection, prevention, and notification of cyber incidents, improve correlation, aggregation and visualization of cybersecurity data, improve information of cybersecurity activity.
Current/Anticipated Benefit: This range of capabilities supports US-CERT operations, helps prevent cyber attacks on the .gov domain and reduces the time to respond to and recover from cyber attacks when they occur.
Users: The users of the NCPS capability within the Department are US-CERT, and outside the Department are Departments and Agencies (D/A) Security Operations Centers (SOCs).
Stakeholders of the NCPS include: Federal executive leadership, Federal Executive Branch civilian Departments and Agencies, tribal, state and local government, law enforcement, private industry, and international partners.
FY2013 (CY) Spending
Time frame of Investment: 2008 - 2021
No change in status
Janet A. Napolitano
National Protection and Programs Directorate
The NCPS program is critical to the cyber security of the Federal Civilian Government IT infrastructure and is delivering needed capabilities. User satisfaction issues with Block 2.1 are being addressed through methods that do not require updates to the system. The PMO is monitoring system usage as a gauge of user acceptance. Staffing is on target with the staffing plan. The program, rebaselined in March 2011, is now operating in line with the baseline; however, the Life Cycle Cost Estimate (LCCE) will be revised to address the change in acquisition approach for Einstein 3 Advanced (E3A). NCPS has developed a detailed set of deliverables for its contractors as reflected in the Tailoring Plan and has mapped these deliverables to time, schedule, budget, and work breakdown structure (WBS). If the program is funded at the FY13-17 Resource Allocation Decision levels, there is a risk that there will be insufficient funding in FY15 to conduct a full technical refresh of the 2.1 as planned. The program has adopted the use of the Executive Steering Committee to ensure stakeholders are kept apprised of ongoing efforts and to escalate any issues requiring department level involvement. E3A work is progressing. The CIO assesses the NCPS program as a Moderately Low Risk investment.
Number of Projects
|Project Name||Project Life Cycle Costs||Cost Variance||Schedule Variance|
|NCPS Block 3.0||$236.9 M|
|NCPS Maintenance||$2.52 B|
|NCPS Block 2.2||$65.75 M|
|NCPS Block 2.1||$40.4 M|
|NCPS Block 2.0||$97.69 M|
|Metric Description||Frequency||Unit of Measure||FY2013 Target||Most Recent Actual||Met/Not Met||Updated Date of Most Recent Actual|
|Percent of Federal Executive Branch civilian networks monitored for cyber intrusions with advanced technology||Quarterly||Percent||70||57||Not Met||2013-03-21|
|Percent of unique high priority alert-level events detected by the National Cybersecurity Protection System (NCPS), validated as legitimate incidents||Quarterly||Percent||94||89||Not Met||2013-03-31|
|Average time in minutes from automated threat identification at the threat collector to ticket generation in the incident handling system||Quarterly||Minutes||60||15.44||Met||2013-03-31|
|Percent of identified high vulnerabilities where mitigation strategies were provided||Monthly||Percent||94||100||Met||2013-03-31|
|Average System Availability of the National Cybersecurity Protection System (NCPS)||Quarterly||Percent||99.5||0||Not Met||2012-09-07|
|Does the investment have any activities with a planned duration greater than a year?:||Yes|
|Planned duration of the longest activity (days):||548|
|Average planned duration of in-progress and future activities (days):||228|
|Planned cost of one activity is greater than 25% of total planned cost of all activities?:||No|
|Number of contracts applying modular development principles:||3|
All activity calculations assess only activities with no related child activities.
Note: All descriptions, dates, and costs are as reported by agencies.
This section includes details about the organizations and leadership responsible for the performance of this investment. Many of the details included in the IT Dashboard are based on the agency’s Exhibit 300 (also known as a Business Case), submitted to the Office of Management and Budget.
The agency CIO evaluates every investment and assigns a score from 1-5.
Cost variance is calculated as the variance between the actual costs of an investment’s activities and their planned costs to date in dollars as a percentage of the activities’ total costs.
Schedule variance is calculated as the variance between the investment’s planned and actual progress so far, in days as a percentage of the scheduled work so far.