DHS Secretary put cybersecurity second only to counter terrorism for 2017, according to his budget request to Congress. He wants to implement the President’s “Cybersecurity National Action Plan” released February 9 before the President leaves office. DHS will invest in cybersecurity, cyber education, Federal recruitment of new cyber talent, and improved cyber incident response, according to the Secretary’s testimony.

In particular, the agency will expand its Cyber Response Teams to 48 from 10 and increase the number of official Cybersecurity Advisors to help private businesses.

• Build on DHS’s “Stop. Think. Connect” campaign, and promote, and raise public awareness of, the need for multi-factor authentication;
• Collaborate with labs and other organizations to test and certify networked devices within the “Internet of Things” such as home alarm systems, refrigerators, and pacemaker;
• Promote the DHS’s National Cybersecurity Communications Integration Center (NCCIC) activities: distribution of information, vulnerability assessments, and incident responses;
• Further develop the system that automates the receipt and distribution of cyber threat indicators in near real-time speed, while helping to protect privacy

The following is a longer except from the rest of his testimony.

“EINSTEIN 1 and 2 have the ability to detect and monitor cybersecurity threats in our federal systems, and are now in place across all federal civilian departments and agencies. EINSTEIN 3A is the newest iteration of the system, and has the ability to block potential cyber attacks on Federal systems. Thus far E3A has blocked 700,000 cyber threats, and we are rapidly expanding this capability. About a year ago, E3A covered only about 20% of our federal civilian networks. In the wake of the OPM attack, in May of last year I directed our cybersecurity team to make at least some aspects of E3A available to all federal departments and agencies by the end of last year. They met that deadline. Now that the system is available to everyone, 50% are actually on line, including the Office of Personnel Management, and we are working to get all federal departments and agencies on board by the end of this year.”

“The second program, called Continuous Diagnostics and Mitigation, or CDM, helps agencies detect and prioritize vulnerabilities inside their networks. In 2015, we provided CDM sensors to 97% of the federal civilian government. Next year, DHS will provide the second phase of CDM to 100% of the federal civilian government.”

“We have worked with OMB and DNI to identify the government’s high value systems, and we are working aggressively with the owners of those systems to increase their security.”

“In September, DHS awarded a grant to the University of Texas San Antonio to work with industry to identify a common set of best practices for the development of Information Sharing and Analysis Organizations, or “ISAOs.” Finally, I thank Congress for passing the Cybersecurity Act of 2015. This new law is a huge assist to DHS and our cybersecurity mission. We are in the process of implementing that new law now. Just last week, I announced that we issued guidelines and procedures, required by this law, providing federal agencies and the private sector with a clear understanding of how to share cyber threat indicators with the NCCIC, and how the NCCIC will share and use that information. We issued these guidelines and procedures consistent with the deadline set by the new law.”

“Funding is included for cybersecurity in the FY 2017 budget request in the following key areas:

“$274.8 million for the Continuous Diagnostics and Mitigation program which provides hardware, software, and services designed to support activities that strengthen the operational security of federal “.gov” networks, an increase of more than $170 million over the FY 2016 enacted level.”

“$471.1 million sustains the EINSTEIN program, to continue to combat intrusions, enhance information sharing, and deploy analytical capabilities to secure the federal civilian information technology enterprise.”

“The FY 2017 budget request sustains ICE and USSS resources to combat cyber-crime and investigate cyber-criminals.