Top DHS official vows to defend 100 percent of federal networks against cyber threats in 2016

The U.S. government is trying to catch up to the multitude of cyber threats it faces every day. 

In 2016, the Department of Homeland Security aims to finally roll out its two biggest defensive weapons to 100 percent of federal networks after years of glaring holes in security, Secretary of Homeland Security Jeh Johnson announced this week.

DHS is the agency chiefly responsible for defending the federal government against cyber threats. Its arsenal consists of two primary multibillion-dollar tools.

The first is called Einstein, which inspects groups of data called packets that enter and exit U.S. government networks and reports anomalies. The second is called Continuous Diagnostics and Mitigation (CDM), which detects and prioritizes vulnerabilities on federal networks.

Image: CDM’s process (Homeland Security)

Although these programs have existed for a decade, it’s been a slow and bumpy road toward full coverage of the federal government. Last year’s discovery of the massive hack against the Office of Personnel Management exposed the personal data of nearly 22 million current and former federal employees and job applicants. The unprecedented breach put a spotlight on Homeland Security’s deficiencies and lit a fire to expand and improve coverage.

After the OPM hack, Johnson aimed to make the latest version of Einstein (Einstein 3 Accelerated, or E3A) available to all federal departments and agencies. Even today, however, only 50 percent are online, according to Johnson.

“We are working to get all federal departments and agencies on board by the end of this year,” he said during his 2016 state of Homeland Security address on Thursday.

Einstein, which is often compared to the physical protections at a government facility, has cost over $4.5 billion to develop over the past decade.

Johnson claims E3A has blocked “700,000 cyber threats” since its implementation. It’s not clear what Johnson specifically means by a “cyber threat,” though Homeland Security generally defines cyber threats as attempts to “disrupt, destroy,” or infiltrate government systems or networks. It’s also not clear how many threats have made it past E3A.

DHS had not yet responded to an email requesting comment.

The CDM program has accomplished wider coverage, according to Johnson. “In 2015, we provided CDM sensors to 97 percent of the federal civilian government,” Johnson said. “Next year, DHS will provide the second phase of CDM to 100 percent of the federal civilian government.”

CDM’s expansion has included multimillion-dollar contracts handed out to private defense firms like Booz Allen Hamilton in 2015. The private firms are tasked with providing real-time monitoring of the federal government’s networks and detecting breaches.

“The goal of the CDM program is to be able to discover and manage 100 percent of IP addressable devices,” Matt Brown, vice president of Homeland Security and Cyber Solutions at the Knowledge Consulting Group, said last year. KCG is another private firm that secured tens of millions of dollars in federal cybersecurity contracts last year. 

“You’ll be able to monitor 100 percent of the devices that are on your infrastructure,” Brown added, “ensure that they meet policy guidance, ensure that there is automated monitoring of any configuration changes, and be able to scan for vulnerabilities of those devices every 72 hours.”

Illustration via Max Fleishman 

Patrick Howell O'Neill

Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.