Homeland Security Secretary Jeh Johnson told the House Judiciary Committee that in the wake of the massive data breaches at the Office of Personnel Management, "we need to improve our mission" when it comes to cybersecurity.
Before testifying Tuesday morning about immigration, Johnson penned an op-ed in Politico calling on Congress to take three critical steps to help him protect the federal government's information and IT systems.
He wants Congress to remove any legal obstacles to DHS deploying its "EINSTEIN" network-protection system across the federal government. He said that would ensure all agencies that they are allowed to share network traffic information with the Homeland Security Department.
Johnson also called on Congress to move legislation that encourages the private sector to share information with the government that could help it bolster cybersecurity by protecting companies from civil and criminal liability. And lastly, he wants Congress to pass legislation drafted by the Obama administration that would create a national data-breach reporting system and increase penalties for cybercrimes.
After OPM revealed in June that its personnel files had been twice hacked, which ultimately affected 22.1 million Americans, the administration created a special interagency team to accelerate federal cybersecurity as rapidly as possible in 30 days. As part of that, Johnson said DHS accelerated the final phase of EINSTEIN implementation, which ultimately will allow all agencies to identify and block "known malicious traffic."
Johnson said he has "challenged" his team to do so by year's end. Today, 45 percent of government workers, or approximately 931,000 personnel, are covered. OPM is one of the agencies that does not have full EINSTEIN capabilities. OPM and seven other agencies do have the department's diagnostic system, however. That system constantly scans government networks for "vulnerabilities that bad actors that have breached the perimeter could exploit," he wrote.
He asked Congress for additional funding to take the diagnostic system to the next step, which would detect if system users are engaging in unauthorized activity.
Johnson told the judiciary panel that he is struck at how even the most sophisticated hackers use the simplest tool to initially breach firewalls.
Many "often start with a simple act of spear phishing; someone opened an e-mail that they shouldn't have," he said. And so a large part of our efforts have to be education of our workforce about not opening suspicious emails, emails they don't recognize."