Jul 14

Written testimony of DHS Secretary Jeh Johnson for a House Committee on Homeland Security hearing titled “Worldwide Threats to the Homeland: ISIS and the New Wave of Terror”

Via: Sci/Tech Nation

***

Cybersecurity

***

I have issued an aggressive timetable for improving federal civilian cybersecurity, principally through two DHS programs:

The first is called EINSTEIN. EINSTEIN 1 and 2 have the ability to detect and monitor cybersecurity threats attempting to access our federal systems, and these protections are now in place across nearly all federal civilian departments and agencies.

EINSTEIN 3A is the newest iteration of the system, and has the ability to automatically block potential cyber intrusions on our federal systems. Thus far E3A has actually blocked over a million potential cyber threats, and we are rapidly expanding this capability. About a year ago, E3A covered only about 20% of our federal civilian networks. In the wake of the malicious cyber intrusion at the Office of Personnel Management, in May of last year I directed our cybersecurity team to make at least some aspects of E3A available to all federal departments and agencies by the end of last year. They met that deadline. Now that the system is available to all civilian agencies, 50% of federal personnel are actually protected, including the Office of Personnel Management, and we are working to get all federal departments and agencies on board by the end of this year.

The second program, called Continuous Diagnostics and Mitigation, or CDM, helps agencies detect and prioritize vulnerabilities inside their networks. In 2015, we provided CDM sensors to 97% of the federal civilian government. Next year, DHS will provide the second phase of CDM to 100% of the federal civilian government.

I have also used my authorities granted by Congress to issue Binding Operational Directives and further drive improved cybersecurity across the federal government. In May 2015, I directed civilian agencies to promptly patch vulnerabilities on their Internet-facing devices. These vulnerabilities are accessible from the Internet, and thus present a significant risk if not quickly addressed. Agencies responded quickly and mitigated all of the vulnerabilities that existed when the directive was issued. Although new vulnerabilities are identified every day, agencies continue to fix these issues with greater urgency than before the directive.

Last month, I issued a second binding operational directive. This directive mandated that agencies participate in DHS-led assessments of their high value assets and implement specific recommendations to secure these important systems from our adversaries. We are working aggressively with the owners of those systems to increase their security.

Read Complete Testimony
