The Department of Homeland Security plans to augment its biometric data collection and social media screening to prevent terrorists from entering the country, Jeh Johnson said during his annual “State of Homeland Security” address.
“Based upon the recent recommendation of a social media task force within DHS, I have determined that we must expand the use of social media even further, consistent with law,” Johnson said Thursday. DHS currently uses social media for 33 separate operational and investigational purposes, including reviews of the social media accounts of Syrian refugee applicants who have been “referred for enhanced vetting,” he explained.
Johnson has also directed Customs and Border Protection to deploy “biometric exit” systems -- which would collect data points such as fingerprints from people leaving the country -- at airports by 2018. CBP is already testing those systems, he said.
Delivering the final "State of Homeland Security" address of his term, Johnson reinforced his commitment to using new technology to protect citizens from both physical and virtual attack -- a theme he and President Barack Obama have established in the past several months.
Just days before Johnson’s address, the White House published an elaborate Cybersecurity National Action Plan, which aims to establish a nongovernment advisory “Commission on Enhancing National Cybersecurity,” among other steps to boost citizen privacy and security.
On Thursday, Johnson noted that “counterterrorism remains a cornerstone of our department’s mission,” but that “cybersecurity must be another,” and outlined DHS’ goals for next year, including providing the second phase of its cyber-risk identifying Continuous Diagnostics and Mitigation system to 100 percent of the federal civilian government.
Obama’s budget request for the 2017 fiscal year outlined DHS’ plans to grow the number of cybersecurity response teams from 10 to 48, Johnson said, and to double the number of its cybersecurity advisers to make “house calls” and “in-person customized cybersecurity assessments" to organizations in the private sector.
DHS also plans to collaborate with Underwriters Laboratories to create a cybersecurity assurance program, designed to test and certify networks and devices within the Internet of Things (a term for a connected network of sensors and devices), “such as your home alarm system, your refrigerator or even your pacemaker," Johnson said.
The department has an “aggressive timetable” for improving cybersecurity at federal civilian agencies, Johnson said. DHS is “rapidly expanding” the capability of Einstein 3A, the newest version of its threat-detection and -blocking technology. Einstein 3A has so far blocked 700,000 cyberthreats, he said.
In the wake of a large-scale intrusion into federal personnel files at the Office of Personnel Management affecting about 22 million people last year, Johnson said he directed his cyber team to make aspects of the system available to all federal civilian agencies. About 50 percent are online now, including OPM.
"We are working to get all federal departments and agencies by the end of this year," he added.
But Johnson remained mum when asked during a question-and-answer period whether DHS had evidence suggesting that stolen data was used to access government systems, with the intent of manipulating or destroying the data.
“I’m not sure I can comment publicly," he said. "We are always extremely vigilant ... looking for such a thing.”