Following an election season characterized by missing emails, private servers and personal laptops, and amidst pervasive allegations of Russian cybercrimes, outgoing Secretary of Homeland Security Jeh C. Johnson issued an exit memo outlining the cybersecurity strides made by the Department of Homeland Security (DHS) during the Obama administration.  Despite acknowledging “tangible progress,” Johnson warned that “more work remains to be done.”

In the memo, which addressed a myriad of national security topics, Johnson described the breadth of DHS’ reach in protecting both the federal and private sector from cyber attacks, highlighting the achievements of DHS’ National Cybersecurity and Communications Integration Center (NCCIC), which he characterized as the “federal government’s 24/7 hub for cybersecurity information sharing, technical assistance, and incident response.”   According to Johnson, in fiscal year 2016 alone, the NCCIC “disseminated more than 6,000 bulletins and responded on-site to 32 cybersecurity incidents.”  Additionally, Johnson touted the success of the NCCIC’s recently deployed automated indicator sharing platform that facilitates the real time exchange of cyber threat indicators between government and the private sector; as of October 2016, 74 entities, including foreign partners, and 12 federal agencies were connected to this new system.  Johnson further detailed DHS’ collaborations with foreign governments, including China, its push to enable the hiring of top cyber security professionals, and its programs to enhance federal civilian cybersecurity.

Turning to the future, Johnson emphasized his request that Congress establish the Cyber and Infrastructure Protection Agency to replace the National Protection and Programs Directorate, which would enable DHS to “streamline and strengthen existing functions within the Department and ensure [it is] best positioned to execute [its] vital mission of countering cyber threats to the nation.” Johnson also urged Congress to ensure that DHS has the human and financial resources to continue to meet the demand for its services.  Johnson concluded by encouraging “the next Administration, Congress, the private sector, and the general public to build on the progress we have made and continue to make cybersecurity a top national security priority.”