A good day to try hard

Jeh Johnson

Homeland Security Secretary Jeh Johnson dismissed the notion that the United Airlines, New York Stock Exchange and Wall Street Journal network problems were related.

Three simultaneous -- and potentially alarming -- computer and network glitches at the Wall Street Journal, United Airlines and the New York Stock Exchange probably aren't related, Homeland Security Secretary Jeh Johnson said in a speech while the problems were still being addressed July 8. But they illustrate the increasingly complex world of cyber threats his department deals with.

In a presentation at the Center for Strategic and International Studies in Washington, Johnson said he had spoken to officials from all three organizations about the problems.

The New York Stock Exchange and the United Airlines outages weren't the result of "nefarious activity," said Johnson. He said DHS was less sure about the outage at the Wall Street Journal, however.

Those threats, he said, show the environment that DHS is working in to protect .gov networks and help private industry and public networks to become less vulnerable to being hacked or attacked.

"Cybersecurity is a top priority" at DHS, he said. "It's my personal mission to significantly enhance" his agency's role in providing it.

DHS's Einstein and Continuous Diagnostics and Mitigation programs, he said, are moving ahead as planned, but he added Congress needs to write stronger cybersecurity legislation to bolster his department's efforts.

The Einstein 1 and 2 programs now protect all federal civilian traffic routed through a secure Internet gateway, he said. Einstein 3 Accelerated, or EA3, that resides with the Internet service providers serving the federal government and identify and block known malicious traffic, is being deployed.

In December 2014, E3A protected 237,414 federal personnel; that figure is now over 931,000, or approximately 45 percent of the federal civilian government, Johnson said. "I have directed that DHS make E3A fully available to all federal departments and agencies, and have challenged us to make aspects of E3A available to all federal civilian departments and agencies by the end of 2015," he said.

Since its introduction, according to Johnson, E3A has blocked more than 550,000 requests to access potentially malicious websites.

The department's CDM deployment is divided into three phases. The first phase, being deployed by DHS currently, checks to ensure that all computers and software on agency networks are secure. The second phase will monitor users on agencies’ networks and ensure they are not engaging in unauthorized activity. The third phase will assess activity happening inside agencies’ networks to identify anomalies and alert security personnel.

"To date, we have made the first phase of CDM available to eight agencies, covering over 50 percent of the federal civilian government," he said. Johnson said he expects DHS to make phase one available to 97 percent of the federal civilian workforce by the end of fiscal 2015. "I am also requesting authorization from Congress to provide additional funding to speed up CDM phase two," he said.

He welcomed congressional efforts to draw up bipartisan cybersecurity legislation, but noted he needs three things from it. First, he said, it should formally authorize the Einstein program, which would eliminate any remaining legal obstacles to its deployment. Some agencies' lawyers, he said, sometimes balk at providing network traffic to DHS under the program. "It's a problem," he said.

Second, legislation would have to provide liability protection to private companies that share cyber-threat information with DHS.

"Third, we need a national data breach reporting system, in lieu of the existing patchwork of state laws on the subject, and enhanced criminal penalties for cybercrime," he said.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.