DHS chief says critical vulnerabilities greatly reduced
- By Sean Lyngaas
- Nov 04, 2015
Secretary Jeh Johnson said cybersecurity is as essential to DHS' mission as counterterrorism.
Department of Homeland Security Secretary Jeh Johnson said on Nov. 4 that federal agencies have made great strides in shoring up their network security in recent months. Since Johnson issued a binding directive in May, he said, nearly 99 percent of the 363 critical vulnerabilities identified at that time have been fixed.
"I came to this job believing that counterterrorism should be the cornerstone of the DHS mission," he said at the Council on Foreign Relations in Washington, D.C. Given the prevalence of cyberattacks today, he added, "cybersecurity, for our mission, needs to exist right alongside counterterrorism."
Although Johnson touted the progress in cleaning up networks, he acknowledged that the massive breach of Office of Personnel Management data "painfully demonstrated our federal cybersecurity efforts are not where they need to be."
OPM is struggling to come up with the money for crucial ongoing IT projects worth at least $117 million, and the cybersecurity information-sharing bill the Senate recently passed left out an amendment that would have contributed $37 million to that cause.
When asked by FCW whether OPM's financial constraints undermined his confidence in the agency's ability to secure its networks, Johnson would not comment. Instead, he referenced general remarks he made earlier about DHS coordination with OPM before and after the breach was detected.
Johnson's remarks touched on a range of hot-button issues, including the recent accord struck by President Barack Obama and Chinese President Xi Jinping to not support hacking for commercial gain. Some lawmakers have been skeptical that the deal will rein in what they see as rampant Chinese hacking.
Johnson reiterated his position that time will tell whether Beijing is living up to its commitment. And he declined to characterize a bilateral meeting, slated for Dec. 1 and 2 in Washington, as a deadline for China to comply with the accord.
When asked to comment on reports that his private email account had been hacked, Johnson said the matter was under investigation and added that the hacker gained access to his account by calling Comcast and impersonating him.
"That's an issue I am taking up with Comcast," he said to laughter from the audience.
Sean Lyngaas is a former FCW staff writer.