DHS chief says critical vulnerabilities greatly reduced
- By Sean Lyngaas
- Nov 04, 2015
Secretary Jeh Johnson said cybersecurity is as essential to DHS' mission as counterterrorism.
Department of Homeland Security Secretary Jeh Johnson said on Nov. 4 that federal agencies have made great strides in shoring up their network security in recent months. Since Johnson issued a binding directive in May, he said, nearly 99 percent of the 363 critical vulnerabilities identified at that time have been fixed.
"I came to this job believing that counterterrorism should be the cornerstone of the DHS mission," he said at the Council on Foreign Relations in Washington, D.C. Given the prevalence of cyberattacks today, he added, "cybersecurity, for our mission, needs to exist right alongside counterterrorism."
Although Johnson touted the progress in cleaning up networks, he acknowledged that the massive breach of Office of Personnel Management data "painfully demonstrated our federal cybersecurity efforts are not where they need to be."
OPM is struggling to come up with the money for crucial ongoing IT projects worth at least $117 million, and the cybersecurity information-sharing bill the Senate recently passed left out an amendment that would have contributed $37 million to that cause.
When asked by FCW whether OPM's financial constraints undermined his confidence in the agency's ability to secure its networks, Johnson would not comment. Instead, he referenced general remarks he made earlier about DHS coordination with OPM before and after the breach was detected.
Johnson's remarks touched on a range of hot-button issues, including the recent accord struck by President Barack Obama and Chinese President Xi Jinping to not support hacking for commercial gain. Some lawmakers have been skeptical that the deal will rein in what they see as rampant Chinese hacking.
Johnson reiterated his position that time will tell whether Beijing is living up to its commitment. And he declined to characterize a bilateral meeting, slated for Dec. 1 and 2 in Washington, as a deadline for China to comply with the accord.
When asked to comment on reports that his private email account had been hacked, Johnson said the matter was under investigation and added that the hacker gained access to his account by calling Comcast and impersonating him.
"That's an issue I am taking up with Comcast," he said to laughter from the audience.
Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.
Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.
Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.