DHS' multipronged approach includes public-private information sharing groups, among others.
Department of Homeland Security Secretary Jeh Johnson on Wednesday reaffirmed his goal to make the latest version of a cybersecurity intrusion detection and prevention platform -- known as EINSTEIN 3A -- available to all federal civilian agencies by the end of 2015.
In a speech Wednesday at the Center for Strategic and International Studies, Johnson described the department's cyber response acceleration, in response to recent threats including the breach of the Office of Personnel Management's employee data. (Hours after computer glitches halted some operations at The Wall Street Journal, the New York Stock Exchange and United Airlines, Johnson assured listeners that, according to his information, malfunctions at the latter two were "not the result of any nefarious actor," though he admitted DHS knew less about The Wall Street Journal glitch.)
The OPM breach "remains the subject of an ongoing investigation," Johnson said, but added, "to be frank, our federal cybersecurity is not where it needs to be."
Next month, he said, DHS plans to encourage the development of information sharing and analysis organizations -- collaborative cyberthreat information sharing groups mandated by a February executive order -- by selecting one organization to "develop best practices" for public and private sector information sharing.
During a Q&A session, Johnson added the federal government could encourage the private sector to share more information with DHS by "limiting potential criminal and civil liability for those who share cyberthreat indicators with us."
DHS currently uses an automated system for sharing cyberthreat indicators. Johnson said DHS is working to get other members from across the federal government and the private sector on board "so we can send and receive this information in near-real-time." Some agencies and private sector members could begin using the system by October.
DHS is also working with other agencies to build a new Cyber Threat Intelligence Integration Center, intended to transport threat information in real time to DHS' cyber hub, the National Cybersecurity and Communications Integration Center, he said.
Employee education campaigns are also necessary, Johnson said.
"What amazes me when I look into a lot of intrusions, including some really big ones by multiple different types of actors, it often starts with the most basic active spear-phishing where somebody is allowed in the gate and penetrates a network simply because an employee clicked on something he or she shouldn't have," he said.
Johnson said he also plans to request authorization from Congress to allot more funding to the Continuous Diagnostics and Mitigation program, the first phase of which currently covers eight agencies. Johnson has directed DHS to make the first phase of the continuous-monitoring technology available to almost 100 percent of the federal civilian agencies by the end of the fiscal year.
Still, Congress can do more to support DHS' cyber efforts, Johnson said.
For instance, lawmakers could "expressly authorize the EINSTEIN program," potentially "ensuring agencies understand they are legally permitted to disclose network traffic to DHS for narrowly tailored purposes."
When asked how to potentially discuss cyberattacks with officials in China -- Chinese-sponsored hackers are suspected to have played a part in the OPM hack -- Johnson described U.S.-China dialogue as a "work in progress."
"We have different views on a lot of fundamental issues, and a lot of fundamental understandings about the nature of cybersecurity," he said.