DHS CISO eyes shift from perimeter defense to data protection

Federal agencies are investing heavily in perimeter network defense, but in five years the Department of Homeland Security's chief information security officer said he hopes to see a lot more spending on defense of data within networks.

"As you look at defense in depth, a lot more resources go toward perimeter defense than do actually controlling the data," DHS CISO Jeff Eisensmith told FCW after his Oct. 20 appearance at a conference hosted by ISACA.

Data can be prioritized by its value to an organization, Eisensmith said. "And that's a level of granularity that right now is kind of cost prohibitive and not overly mature," he added, while not discounting the importance of perimeter defense. "It is happening, but not on the scale that I'd like it to be."

Einstein and Continuous Diagnostics and Mitigation are two vast DHS programs that together cover various aspects of network defense. Einstein focuses on perimeter defense, while CDM is a broad threat-detection program designed to give network operators a clearer view of vulnerabilities.

Chris Cummiskey, former acting undersecretary for management at DHS, has told FCW that CDM stands a better chance than Einstein of mitigating sophisticated breaches because CDM "seems to give us the additional ability to see these bad actors on the networks, once they're already through the perimeter."

Both programs draw on big coffers. CDM's acquisition vehicle has a $6 billion ceiling, and DHS has requested $479.8 million for "network security deployment" in fiscal 2016, including the latest iteration of Einstein, known as Einstein 3A.

DHS Secretary Jeh Johnson told the House Homeland Security Committee on Oct. 21 that he has directed DHS to make at least some of Einstein 3A's features available to all federal civilian agencies by year's end, and agencies are on track to adopt the system. The program has blocked more than 650,000 requests to access potentially malicious websites, Johnson said in his prepared testimony. Nonetheless, he also stated that "our federal .gov cybersecurity, in particular, is not where it needs to be."

Eisensmith advised putting money toward the weakest link in an organization's cybersecurity.

"If you're going to make an investment, you look and you say, 'Where [am I] not really at a maturity level that I want to be?' That's where the next dollar goes," he said. "The only caveat to that would be if a new threat pops up tomorrow that changes the maturity level. Then you have to react."

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.