Sharing real-time cyber threats part of year-long DHS effort

Jeh Johnson made cybersecurity a cornerstone mission area for the Homeland Security Department ever since he became secretary in December 2013.

Under that pronouncement, Johnson gave employees a series of specific deadlines to meet, including making sure every agency had access to the EINSTEIN 3A software tools by the end of December 2015.

Johnson said DHS made that deadline and then added one more to its record when the National Cybersecurity and Communication Integration Center (NCCIC) started sharing threat indicators in real time with the private sector and federal agencies.

Congress required DHS to meet this goal 90 days after the enactment of the Cybersecurity Information Sharing Act (CISA), which passed and President Barack Obama signed into law in December.

“Through a lot of hard work we are in a position to meet his deadline and I have signed this certification,” Johnson said during a press conference at the NCCIC headquarters in Arlington, Virginia. “This automated real time information sharing is the center piece of our homeland security efforts at the NCCIC. This is the ‘if you see something, say something of cybersecurity.’ Our people worked hard to get us here to meet this deadline from Congress today, and it also enables us to share cyber threat indicators with the private sector today.”

Johnson said he also briefed the National Council of Information Sharing and Analysis Centers to ensure they know the automated information sharing system is open on time and on schedule.

Under the law, private sector organizations receive liability protection when they share cyber threat indicators with DHS, and DHS has a way to share information back to the companies and other agencies in near real-time.

DHS met the first deadline under the CISA law back in February when it released interim guidance to authorize the voluntary sharing and receiving of cyber threat indicators and defensive measures.
Rep. Mike McCaul (R-Texas), chairman of the Homeland Security Committee and co-author of the legislation, said getting to this point of sharing indicators has been something Congress and the administration have been working toward for several years.

“This is one of those examples in a very dysfunctional year that Congress actually got something done in a bipartisan way, in working with the White House and in working with the secretary to get something good done for the American people and ultimately protect them from cyber attacks,” McCaul said. “We are under attack every day by adversaries stealing intellectual property and conducting espionage.”

Johnson said the building of real-time information sharing has been part of a year-long effort to improve DHS’ capabilities.

He said DHS met his initial E3A deadline, and now Congress set a new deadline set to get every agency using E3A by the end of 2016.

“We’re continually engaging our partners in federal departments and agencies to make sure they know about the capability, which is the capability to block known intrusions, not just to monitor and detect them,” Johnson said.

One of DHS’ biggest challenges, along with most other agencies, is hiring and retaining employees with advanced cyber skills.

Johnson told McCaul and other lawmakers over the last few weeks during hearings on DHS’ fiscal 2017 budget request that he wants to increase the agency’s cyber workforce, including expanding DHS’ 10 cyber response teams to 48.

McCaul said DHS, the National Security Agency, the Air Force and many others face this constant challenge.

He said the committee has looked at ideas ranging from scholarship programs where in exchange for money for college, a cyber expert commits to 3 years working in government. Another idea is rotational assignments across the government among cybersecurity experts.

Rep. John Ratcliffe (R-Texas), chairman of the Homeland Security’s Subcommittee on cybersecurity, infrastructure protection and security technologies, said to attract cyber experts, DHS has to show it can be successful in meeting specific goals, and the real-time threat indicator sharing is a good start.

Ratcliffe said he will be getting a briefing on the reorganization of the National Protection and Program Directorate (NPPD) next week. DHS proposed in October to develop more unity between the organization’s cyber and physical infrastructure teams, enhance operational activity and improve acquisition program management.

“We want to make sure it’s a reorganization that is going to compliment and support the mission and the success of DHS in that space and fulfill that role,” Ratcliffe said.

The White House also proposed several cyber workforce initiatives as part of the Cybersecurity National Action Plan.

Related Stories


Sign up for breaking news alerts