Soon, DHS Will Have Eyes on Computer Vulnerabilities Across the Government

By Joseph Marks

October 2, 2017

The Homeland Security Department will begin standing up a dashboard in October that shows cyber officials what software is running across most of the civilian federal government and points out dangerous vulnerabilities, a top department official said Friday.

The dashboard will allow defenders at Homeland Security’s cyber operations center to pinpoint which departments and agencies are running vulnerable versions of software when they learn about a new digital virus or vulnerability, Jeanette Manfra, assistant secretary for Homeland Security’s Cybersecurity and Communications Office, said.

That’s a far cry from when the Heartbleed vulnerability struck in 2014 and Homeland Security officials were “searching for CIO phone numbers” to urge each agency to patch against the vulnerability, Manfra said during an address at the Center for Strategic and International Studies think tank.

Now, I can have advanced awareness of a vulnerability … I can go into our dashboard and know instantly who’s running that version of that system and focus the agencies on protecting that asset,” Manfra said.  

The dashboard is part of Homeland Security’s Continuous Diagnostics and Mitigation program, which supplies cyber protection services to federal agencies. Agencies participating in the continuous diagnostics program have stood up their own agency-level software dashboards over about the past year.

The federal dashboard will collect information from those agency dashboards, Manfra said.

The dashboard is part of a broader effort by Manfra’s agency to shift from a bureaucratic and compliance-focused model of cybersecurity to an operational vision in which cyber threats are detected and mitigated at rapid speed, she said.

Other elements include placing sensors across federal networks to alert the agency about threats and vulnerabilities and beefing up information sharing about cyber threats with industry, she said.

Rep. Will Hurd, R-Texas, also spoke during Friday’s CSIS event. Here are some highlights.

By Joseph Marks // Joseph Marks covers cybersecurity for Nextgov. He previously covered cybersecurity for Politico, intellectual property for Bloomberg BNA and federal litigation for Law360. He covered government technology for Nextgov during an earlier stint at the publication and began his career at Midwestern newspapers covering everything under the sun. He holds a bachelor’s degree in English from the University of Wisconsin in Madison and a master’s in international affairs from Georgetown University.

October 2, 2017