States continue to seek cyber help from DHS

Jeh Johnson 

Jeh Johnson said that more states are taking advantage of DHS offers of help scanning election systems for cybersecurity weaknesses.

Three dozen states have asked the Department of Homeland Security for help with cybersecurity scans and vulnerability assessments of their election systems, and the department's top official said DHS stands ready to assist any state that asks.

The number of states asking for that help has crept steadily upward since the summer as reports of attempts to breach data in voter systems in Arizona and Illinois came to light.

"Thirty-six states" have asked DHS for help, DHS Secretary Jeh Johnson said Oct. 18 in something of a valedictory speech to the Critical Infrastructure Partnership Advisory Council. On Oct. 1, DHS said 21 states had asked for assistance with scans and vulnerability testing

"I've been pleased with the cooperation of state election officials in the run-up to the election," he said after the hacks and call for more vigilance for election systems.

Earlier in October, DHS and the Office of the Director of National Intelligence publicly accused the Russian government of hacking Democratic Party servers.

Johnson called the federal government's public attribution of Russia for the attacks as "rather extraordinary and probably unprecedented."

"We formally accused a foreign government of playing politics with a U.S. election," he said.

After his speech, Johnson told FCW that the scans of systems can take "hours," while vulnerability testing, which requires on-site visits by DHS responders, can take a week.

"A couple of states have asked for" vulnerability testing, he said. With the numbers of states asking for assistance climbing, there might be a resource pinch. "If we find ourselves in a bind," said Johnson, "we will figure out a way to accommodate" states.

Johnson has led DHS since December 2013. His speech sought to sum up some accomplishments and hopes for the agency's future efforts beyond his tenure.

Johnson said he's hoping to get the cybersecurity system Einstein 3A fully deployed across government by the end of the year. Currently, he said, the exploit-blocking capabilities are protecting about 75 percent of the federal government. Einstein has blocked one million efforts to exfiltrate data from federal agencies, he said.

Johnson also reiterated that efforts to reorganize DHS' cyber operations division should be at the top of the next Congress' to-do list. Plans to rename and reorganize the National Protection and Programs Division to integrate it with critical infrastructure protection.

The reorganization would bind cyber and physical security capabilities more closely, to better reflect the links between cyber and physical threats. It would also make NPP another operating agency within DHS.

According to current NPPD undersecretary Susanne Spaulding, who also spoke at the event, the reorganization would position the new cyber hub "as an operational component" at DHS, instead of just a headquarters agency, that could then provide specific, results-oriented advice instead of just policy guidance.

Johnson said some of his most valued achievements at the agency were in workforce and management. The agency's two-year-old "unity of effort" work, he said, has helped smooth out the agency's acquisition, hiring and budgeting, which had been a tangle of separate efforts according to components.

The agency's morale, he said, is steadily rising, according to the most recent federal employee survey. "In 2013, we were at the bottom" of the morale survey, he said. "It took two years to turn it around."

This year, the agency has seen significant improvement, according to Johnson. "ICE was up seven percentage points; CBP was up four," he said.

DHS saw the largest increase in overall morale scores for a large agency, he said, adding: "I'm very proud of this."

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

  • FCW Perspectives
    remote workers (elenabsl/

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

Stay Connected