Homeland Security Chief Talks Cybersecurity at Major Conference
We couldn’t be in California today for Department of Homeland Security (DHS) Secretary Jeh Johnson’s address at the largest cybersecurity conference, so we’re bringing you news from the next best thing—his prepared remarks.
“My message to you today is this: Government does not have all the answers or all the talent,” Johnson said at the RSA Conference 2015 in San Francisco. “Cybersecurity must be a partnership between government and the private sector. We need each other, and we must work together. There are things government can do for you, and there are things we need you to do for us.”
The DHS was formed in 2002 following the U.S.-based terrorist attacks of 9/11, with counterterrorism as the cornerstone mission. “But, the reality is that in 2015, cybersecurity has become a mission of equal importance.”
In fact, according to the World Economic Forum’s Global Risks report, cyber attacks are the 10th biggest threat to the stability of the world over the next decade, and 2015 differs from past assessments because of the “rising technological risks, notably cyber attacks, and new economic realities, which remind us that geopolitical tensions present themselves in a very different world from before.”
Johnson’s speech highlighted missions of the National Cybersecurity and Communications Integration Center (NCCIC), which received 97,000 cyber incident reports from the private and government sectors in fiscal 2014 and issued nearly 12,000 cyber alerts or warnings, according to the prepared remarks.
Last year, NCCIC agents identified 265 instances of the Heartbleed vulnerability, reducing them to two in a three-week period, and responded to private and government offices to address systems susceptible by other
malware such as Shellshock, BlackEnergy, Havex, BackOff Point of Sale and Lenovo SuperFish.
Johnson, who also is searching for a new NCCIC director, shared the DHS’s plans for the office, which include enabling the center to provide near real-time automated information sharing to the private sector. “I have directed our team to go full throttle on this. As you know, cybersecurity is about speed.”
Last week, the NCCIC “deployed the capability to automate publication of cyberthreat indicators in a machine-readable format. We reached this major milestone five weeks ahead of deadline,” Johnson said.
Speaking of information sharing, U.S. congressional lawmakers are nearing a consensus on a major cybersecurity information sharing bill making its rounds on Capitol Hill. The Senate’s Cybersecurity Information Sharing Act would grant businesses liability protections when sharing cyberthreat information with the government. The measure comes on the heels of last year’s congressional actions that codified into law that the NCCIC is the federal civilian interface with the private sector for cybersecurity.
Additionally, Johnson announced the department is finalizing plans to open up a satellite office in Silicon Valley, according to the prepared remarks.
President Barack Obama in February signed an executive order to create the Cyber Threat Intelligence Integration Center to facilitate information sharing. In April, he authorized the use of financial sanctions against malicious hackers and companies that knowingly benefit from cyber espionage and attacks.