Homeland Security

DHS chief says critical vulnerabilities greatly reduced

Jeh Johnson

Secretary Jeh Johnson said cybersecurity is as essential to DHS' mission as counterterrorism.

Department of Homeland Security Secretary Jeh Johnson said on Nov. 4 that federal agencies have made great strides in shoring up their network security in recent months. Since Johnson issued a binding directive in May, he said, nearly 99 percent of the 363 critical vulnerabilities identified at that time have been fixed.

"I came to this job believing that counterterrorism should be the cornerstone of the DHS mission," he said at the Council on Foreign Relations in Washington, D.C. Given the prevalence of cyberattacks today, he added, "cybersecurity, for our mission, needs to exist right alongside counterterrorism."

Although Johnson touted the progress in cleaning up networks, he acknowledged that the massive breach of Office of Personnel Management data "painfully demonstrated our federal cybersecurity efforts are not where they need to be."

OPM is struggling to come up with the money for crucial ongoing IT projects worth at least $117 million, and the cybersecurity information-sharing bill the Senate recently passed left out an amendment that would have contributed $37 million to that cause.

When asked by FCW whether OPM's financial constraints undermined his confidence in the agency's ability to secure its networks, Johnson would not comment. Instead, he referenced general remarks he made earlier about DHS coordination with OPM before and after the breach was detected.

Johnson's remarks touched on a range of hot-button issues, including the recent accord struck by President Barack Obama and Chinese President Xi Jinping to not support hacking for commercial gain. Some lawmakers have been skeptical that the deal will rein in what they see as rampant Chinese hacking.

Johnson reiterated his position that time will tell whether Beijing is living up to its commitment. And he declined to characterize a bilateral meeting, slated for Dec. 1 and 2 in Washington, as a deadline for China to comply with the accord.

When asked to comment on reports that his private email account had been hacked, Johnson said the matter was under investigation and added that the hacker gained access to his account by calling Comcast and impersonating him.

"That's an issue I am taking up with Comcast," he said to laughter from the audience.

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.