WASHINGTON–The computer system malfunctions at United Airlines and the New York Stock Exchange on July 8 were apparently not the result of cyberattacks. However, the White House created a cybersecurity sprint team in June to review the federal government’s cybersecurity policies and practices because of recent breaches at federal agencies, whose work may eventually help make systems more secure.
Homeland Security Secretary Jeh Johnson mentioned the team during a presentation at the Center for Strategic and International Studies, a centrist think tank, on July 8.
The team draws its members from OMB’s E-Gov Cyber Unit, DHS, the National Security Council Cybersecurity Directorate and Defense Department. It was charged with leading a 30-day review of cybersecurity policies, procedures and practices, which will be complete soon. The team will issue a Federal Civilian Cybersecurity Strategy based on their findings.
In April, the FBI detected a breach at the Office of Personnel Management, which manages federal personnel records. Investigators suspect that hackers in China were responsible for the attack.
“This response to the OPM breach is a part of a much broader federal cybersecurity effort that has been underway for some time,” Johnson said.
According to Johnson, the National Cybersecurity and Communications Integration Center, a 24-hour watch and warning center, has shared over 6,000 bulletins, alerts and warnings about cyber threats and responded to government website 32 incidents this year.
“To be frank, our federal cybersecurity is not where it needs to be,” Johnson said. “But we have taken, and are taking, accelerated and aggressive action to get there.”
DHS’s cyber protection system Einstein, first deployed in 2004, is now managed by NCCIC and provides a common baseline of security to federal agencies.
Einstein can detect intrusions and protect unclassified networks. Once it finds a cyber threat in an agency, it shares the detection with all other agencies so that they can take protective action. Einstein 3 Accelerated (E3A), which uses classified information to protect unclassified information, now protects about 45 percent of the federal civilian government, according to Johnson.
Johnson called on Congress and tech companies to work together to increase cybersecurity. “The recent breaches in cybersecurity demonstrate the urgency of acting now,” he said.