Homeland Security Boss Reports Progress Rolling Out Security System
Jeh Johnson says the U.S. government is getting better at defending its networks.
Homeland Security chief Jeh Johnson had some good news Wednesday about Washington’s cybersecurity efforts: 47 percent of government websites have installed advanced systems for preventing devastating hacks from countries like China. He also had some bad news: more than half of the government’s sites may still be vulnerable.
At issue is Einstein, a government security system that detects and stops malicious traffic aimed at federal servers. In June, U.S. officials revealed that hackers thought to be affiliated with Beijing breached the servers of the Office of Personnel Management, making off with sensitive information about 21.5 million current, former, and prospective federal employees. That haul of information included applications completed as part of background investigations for security clearances, the theft of which U.S. officials have described as an intelligence coup for Beijing.
In the aftermath of the breach, the Department of Homeland Security, which is responsible for securing the domains of civilian agencies, pushed to speed the rollout of Einstein defense systems. Johnson, speaking at a Council on Foreign Relations cybersecurity summit, said that 47 percent of .gov domains now have access to Einstein 3a, which automatically blocks traffic containing code that has been identified as malicious.
While that certainly represents progress for the federal government, it also means more than half of .gov domains, which include sites for the State Department, White House, and Social Security Administration, lack one of the government’s most advanced technologies for detecting network intrusions five months after the OPM breach was announced. Johnson said Einstein 3a has blocked 700,000 attempts to penetrate .gov servers, though he didn’t say who had launched the attacks or what the specific targets had been.
“As the OPM breach painfully demonstrated, our federal cybersecurity efforts are not where they need to be, but we are improving,” Johnson said. Since May, the federal government has fixed nearly all of 363 critical network vulnerabilities that had been identified in a review. But, Johnson added, the U.S. government is finding new vulnerabilities every day.
Johnson’s comments come less than a month before U.S. and Chinese officials are slated to sit down in Washington on Dec. 1 and 2 for the first formal meeting on cyber issues since Washington and Beijing inked an agreement in September to halt the digital theft of corporate trade secrets for commercial benefit. U.S. officials have said it is too early to determine whether China is living up to the terms of that agreement.
With hackers increasingly stealing personal and corporate information off of vulnerable servers, companies and governments have invested in high-tech solutions to stop such intrusions. Computer experts, however, say that network breaches are frequently the result of simple miscues, or what is sometimes called “bad security hygiene.” This can include clicking on malicious links in emails or falling for spear-phishing attempts.
As a result, DHS has carried out a series of exercises to get its employees up to speed on the threat. One such exercise offered free Redskins tickets to DHS employees. “The attachment says show up in room 120 or whatever it is on Monday on Nov 2,” Johnson said. “So a lot of people showed up, and they got a cybersecurity lecture instead.”
Johnson has recent first-hand experience with what it’s like to be hacked. When the stoner hacker collective calling itself Crackas With Attitude revealed last month that it had broken into the personal email of CIA Director John Brennan, they also said they had cracked Johnson’s Comcast account. On Wednesday, the U.S. domestic security chief revealed how the teenage hackers did it: “Somebody called Comcast posing as me and gained access to parts of my account,” Johnson explained.
“That’s an issue I’m taking up with Comcast,” he added sardonically.