Homeland Security

DHS chief says critical vulnerabilities greatly reduced

Jeh Johnson

Secretary Jeh Johnson said cybersecurity is as essential to DHS' mission as counterterrorism.

Department of Homeland Security Secretary Jeh Johnson said on Nov. 4 that federal agencies have made great strides in shoring up their network security in recent months. Since Johnson issued a binding directive in May, he said, nearly 99 percent of the 363 critical vulnerabilities identified at that time have been fixed.

"I came to this job believing that counterterrorism should be the cornerstone of the DHS mission," he said at the Council on Foreign Relations in Washington, D.C. Given the prevalence of cyberattacks today, he added, "cybersecurity, for our mission, needs to exist right alongside counterterrorism."

Although Johnson touted the progress in cleaning up networks, he acknowledged that the massive breach of Office of Personnel Management data "painfully demonstrated our federal cybersecurity efforts are not where they need to be."

OPM is struggling to come up with the money for crucial ongoing IT projects worth at least $117 million, and the cybersecurity information-sharing bill the Senate recently passed left out an amendment that would have contributed $37 million to that cause.

When asked by FCW whether OPM's financial constraints undermined his confidence in the agency's ability to secure its networks, Johnson would not comment. Instead, he referenced general remarks he made earlier about DHS coordination with OPM before and after the breach was detected.

Johnson's remarks touched on a range of hot-button issues, including the recent accord struck by President Barack Obama and Chinese President Xi Jinping to not support hacking for commercial gain. Some lawmakers have been skeptical that the deal will rein in what they see as rampant Chinese hacking.

Johnson reiterated his position that time will tell whether Beijing is living up to its commitment. And he declined to characterize a bilateral meeting, slated for Dec. 1 and 2 in Washington, as a deadline for China to comply with the accord.

When asked to comment on reports that his private email account had been hacked, Johnson said the matter was under investigation and added that the hacker gained access to his account by calling Comcast and impersonating him.

"That's an issue I am taking up with Comcast," he said to laughter from the audience.

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.