U.S. Secretary of Homeland Security: Companies Share Responsibility to Protect Against Cyber Attacks

U.S. Secretary of Homeland Security Jeh Johnson joined NJTV News’ Mary Alice Williams to have an in-depth conversation about the state of security in the U.S. today. Find the rest of the series here.

Staying one step ahead of cyber criminals is the purview of the Department of Homeland Security (DHS). DHS Secretary Jeh Johnson told NJTV News Anchor Mary Alice Williams that there is a lot that companies can do to protect their networks from cyber attacks.

Johnson said that he thinks the recent attack on Sony was transformational. He said that it was a very serious attack on a company, its employees, the privacy of its employees and on proprietary non-public information of the company. He said that President Obama said publicly that he is determined to respond proportionally.

When asked what the attacks say about the vulnerability of the entire internet, Johnson said, “Well the attack says a lot about that. DHS, my department, is responsible for coordinating the federal government’s response in getting information out to the civilian sector about ways in which they can improve their own cyber security. We put out another bulletin after this attack occurred and it is in fact true that companies themselves can do more to secure their own networks.”

Johnson said that companies and DHS have a shared responsibility for cyber security. He said that there is a lot that the government can and should do, and does do. He said that in the private sector there are some very sophisticated actors, particularly in the financial sector, who are good at protecting their own networks. There are other sectors that are more vulnerable, that need to do more and can do more, said Johnson. He said that there is a lot of information shared by DHS and elsewhere so that companies can better protect their own networks.

As for what the government is doing to prevent digital terrorism against U.S. businesses, government and corporations, Johnson said, “The principle thing that we can do and we should do and we are doing is sharing information with the private sector about what best practices are. The FBI, the Secret Service and a number of other federal agencies through criminal investigations also are in this sphere, prosecuting bad cyber actors. But there’s a lot that companies themselves can do to protect their own networks and there’s a lot of work to be done in that regard.”

Johnson said that power plants and water infrastructure are emerging issues. He said that as the U.S. becomes more interconnected through the internet in terms of power capabilities, the grid and critical infrastructure, the U.S. is an increasingly interconnected society. He said that part of the DHS’s mission is the protection of critical infrastructure in the country. He said that increasingly means the protection of cyber, which has a fundamental part in critical infrastructure.

“We have through intelligence collection and a number of other efforts been able to prevent or at least limit the effects of various bad cyber actors out there but it’s still a work in progress. There’s a lot that the private sector can do and should do. And one of my New Year’s resolutions for 2015 is to move forward on cyber security,” said Johnson. “We got some good legislation out of Congress in the lame duck session. Three bills passed in bipartisan fashion that will enhance my department’s mission in the cyber security realm but there’s a lot more we need to do.”

Related: How Safe is Our Digital World?