Big data and the examined life

Although the human population increases about 1 percent each year, the quantity of information we produce reportedly doubles every 18 months. In 2011, according to one report, humans had generated 1.8 trillion gigabytes — enough to fill so many 32 GB tablets that, stacked, they would build a wall twice as tall as the Great Wall of China. By 2020, the amount of data worldwide could exceed 40 trillion GB.

One reason for this exponential growth: mobile phones. More than half the global population owns at least one cell phone, reports the social media agency We Are Social. We don’t stop at just one: There are more mobile-service accounts than people in the world.

Wearables including watches, bracelets and clothing add to the information stream, as do devices including our cars and home appliances, making us all destined, it seems, to become human data factories.

Knowledge is power

What does all this data reveal about us? Nearly everything.

Online, our every keystroke adds another byte to the data pool, revealing our desires and quandaries, our values and opinions, our acquisitions and hobbies, our tastes in music, our favorite sports teams, our viewing and reading habits.

JR Reagan writes regularly for FedScoop on technology, innovation and cybersecurity issues.

Apps and other tools report how much we sleep at night and how well, how many steps we take in a day, what we eat and drink — and how much, how intelligent we are, how much we travel and where we go, how much energy we consume, how much CO2 our activities generate, how much money we have and how we use it, and much more.

Orwellian though it may sound, all this information offers vast potential to improve and even extend our lives.

Already we are reaping the benefits. The “quantified self” movement, with its focus on individual monitoring and analysis, includes members whose data has helped them to lose weight, drink less alcohol, drink more water, save money, work more efficiently, manage their time better, become more physically fit, read faster, improve their memories, meet personal goals, manage chronic illnesses, improve their physical environment — and the list goes on.

The more we know about ourselves, the more we want to know.

Innovations in “consciousness hacking,” including brain tracking and augmentation — new frontiers in self-improvement — aim to monitor and direct our moods as well as to improve cognition.

Nanoparticles ingested in pills may someday provide an in-depth look at health, detecting very early such conditions as cancer, artery blockages and nascent diabetes.

Increasingly popular DNA tests can delve even more deeply, showing us our inherited tendencies and helping medical professionals to tailor treatments to match our individual makeup.

Big data = big solutions

Data’s potential extends far beyond enriching and prolonging individual lives, however. Shared freely — and, if desired, anonymously — “open source” data can provide us with big-picture scenarios that, properly analyzed, may benefit entire communities, or even the world. Why is autism on the rise? How will changing climates affect food production? What innovations would best benefit my city, state, region or nation?

“The unexamined life is not worth living,” Socrates said some 2,400 years ago. How, then, might the data we generate, and its subsequent analysis, add value and meaning to our lives today and tomorrow? With an unprecedented trove of knowledge at our behest, we become as omniscient as the philosopher’s gods, able to foresee a future in which anything is possible.

JR Reagan is the global chief information security officer of Deloitte. He also serves as professional faculty at Johns Hopkins, Cornell and Columbia universities. Follow him @IdeaXplorer.

Top 50 leaders from federal tech community honored at FedScoop 50 awards

FedScoop founder and CEO Goldy Kamali and White House technology advisor Todd Park.

FedScoop honored Washington’s top technology leaders and innovators during its elite FedScoop 50 awards Thursday night.

The ceremony, held atop the Hay-Adams Hotel overlooking the White House, gathered more than 200 government and industry leaders from across the country to recognize the extraordinary achievements they made in 2015. FedScoop celebrated leaders and programs in nine categories that touched all aspects of the federal IT community — including Disruptors of the Year, Cybersecurity Leadership, Most Inspiring Up & Comer, Federal Leadership, Industry Leadership, Tech Champion, Tech Program, Innovation of the Year and the most prestigious Golden Gov award.

“As a team we are very lucky because every single day, whether it be for a story, an event, through FedScoop TV or radio, we have the privilege of working with the most talented and innovative people in the country,” Scoop News Group founder and CEO Goldy Kamali said before presenting the awards. “We are thankful because we learn from you and are inspired by you. The FedScoop 50 awards were created as an opportunity to recognize the extraordinary achievements of leaders in our community that are doing big things that impact all of us.”

The federal IT community this year voted with ferocity, casting more than 250,000 votes for the nominees. FedScoop counted the votes to determine the winners in each category.

The 2015 winners of the FedScoop 50 awards are:

Golden Gov: Federal Executive of the Year

Federal Leadership

Industry Leadership

Disruptor of the Year

Cybersecurity Leader of the Year

Most Inspiring Up & Comer

Tech Champion of the Year

Tech Program of the Year

Innovation of the Year

If sanctions don’t stop China’s hacking, what will?

It’s getting to the point where elected officials and cybersecurity policy experts agree the Obama administration should do something in retaliation for China’s continued cyber espionage against American companies — they just can’t agree on what.

Since China and the U.S. inked a deal in September pledging that neither country would engage in hacking for economic gain, there have been a smattering of reports that China has not lived up to the agreement. Earlier this week, Bill Evanina, the head of the National Counterintelligence and Security Center, said he’s seen “no indication” that China has curbed its state-sponsored hacking capabilities, according to a Reuters report.

Experts discussed what should come next during a forum Wednesday held by the Bipartisan Policy Center, which examined policy options from economic sanctions to indictments to arming companies with the ability to hack back.

Sen. Cory Gardner, R-Colo., who serves as the chairman of the Senate Foreign Relations’ Subcommittee on East Asia, The Pacific and International Cybersecurity Policy, said language needs to be added to the September agreement that better defines punishment if China violates its terms.

“There is no real punitive context read out of this agreement,” he said. “They need to agree to some kind of punitive action. I don’t think we can take anything off the table.”

In a report released Wednesday, the US-China Economic and Security Review Commission, a group created by Congress to measure national security implications of the economic relationship between the U.S. and China, said one of those punitive actions should be allowing companies to hack back, given that China is pushing policy that would limit U.S. companies’ participation in the Chinese market on top of the country’s theft of their intellectual property.

“For these reasons we believe it is important for Congress to assess whether U.S.-based companies that have been hacked should be allowed to engage in counterintrusions for the purpose of recovering, erasing, or altering stolen data in offending computer networks,” the report reads. “In addition, Congress should study the feasibility of a foreign intelligence cyber court to hear evidence from U.S. victims of cyberattacks and decide whether the U.S. government might undertake counterintrusions on a victim’s behalf.”

Gardner said he would prefer to “tread lightly” on hack-backs, instead focusing any sort of punishment on economic sanctions or indictments, like the one issued in May against five members of China’s People’s Liberation Army.

The indictments are something closer to what former State Department official Randall Schriver thinks should be done if the U.S. is to present China with a level of deterrence that would curtail hacks.

“If what we want to do is stop this, then we have to get serious and we have to target the people that are doing it,” Schriver said. “[Hacking] is national level policy guidance through [China’s] Central Military Commission, to the General Staff Department to the PLA.”

Robert Knake, a former director of cybersecurity policy for the National Security Council, said it would be easier for the government to move past sanction threats if companies would admit they’ve been targeted by China, something he has yet to see occur.

“[Companies] fear what will happen if they stand up and say they were targets,” he said. “From their perspective, [hacking] is the cost of doing business.”

Former National Security Agency counsel Stewart Baker said sanctions might be the best route, with the added support from other G-20 countries, such as Germany, France or Britain, that have also come out against state-sponsored corporate espionage. Earlier this week, G-20 countries signed a pact saying no countries should conduct “theft of intellectual property, including trade secrets or other confidential business information.”

“Pick sanctions where U.S. industry isn’t vulnerable to hostage taking by the Chinese and the evidence is such that we can talk about it publicly,” Baker said. “I think the Germans, the French and the British would all get on board with that.”

The U.S. and China plan to hold ministerial-level talks in Washington, D.C., at the beginning of next month related to the September agreement. Gardner hinted that those talks could turn toward sanctions, given that China has shown no signs of curbing its hacking practices.

“I find it hard to believe in the world of digital communication that [the Chinese] haven’t heard that this isn’t appreciated and that we’ve agreed to knock this off,” he said. “We are approaching the end of the grace period.”

U.S.-E.U. safe harbor collapse affects all of us

Last month, the European Court of Justice found that the privacy of European data is not sufficiently protected by the trans-Atlantic agreement known as Safe Harbor. As a result, the court invalidated the agreement.

The E.U. and U.S. governments are now working to establish a new trans-Atlantic data-transfer accord. As an example of these efforts, the House recently passed the Judicial Redress Act (H.R. 1428) — a step in the right direction. The act enables foreign citizens to have the same legal rights as U.S. citizens, if their individual privacy is violated by government. In many ways, the Judicial Redress Act will serve as the foundation for the agreement that replaces Safe Harbor and must be considered a part of the solution, starting with passage of the legislation in the Senate.

Safe Harbor allowed for the flow of data between the E.U. and the U.S. without the need for individual agreements between each jurisdiction and company. Without Safe Harbor, every type of industry that relies on trans-Atlantic data transfers has been required to quickly come up with an alternative legal basis for data transfers — from airline companies to financial services, data storage providers to social media platforms. Given the economic and social costs to industry and individuals, a new data sharing agreement must be developed to address the security and privacy concerns in the U.S. and E.U. A new agreement must also provide a process that allows law enforcement to access and exchange data across borders, while simultaneously respecting individual privacy.

A balancing act: Privacy and national security

In 2000, the U.S. Department of Commerce and the European Commission agreed to a set of data transfer principles for outlining the protection of data no matter where the data is processed and stored — Safe Harbor. Under these principles, a U.S. or E.U. company that declared it would uphold Safe Harbor was then allowed to transfer data between countries.

In response to the terrorist attacks in September 2001, the Patriot Act was enacted, giving the U.S. government the ability to collect information about U.S. citizens and foreigners without consent or a search warrant. While companies agreed to uphold Safe Harbor for trans-Atlantic data transfers, the U.S. government had given itself a surveillance mechanism that was in conflict with the E.U. data directive and the Safe Harbor framework on which it has been based. The dissonance between these two laws was the starting point for disagreement. This was only exacerbated in 2013 by the revelations that the National Security Agency was collecting data without regard to E.U. data protection laws. Europeans felt their rights had been violated.

Given the length of time that the U.S. government has gathered data without consent, it is surprising that the Safe Harbor framework lasted as long as it did. A new Safe Harbor agreement must include a streamlined process for law enforcement to get information and data across borders that also respects individual privacy rights. Passing the Judicial Redress Act in the Senate will be the first step in ensuring these protections and establishing much-needed processes.

What this means for government, companies and consumers

Without the Safe Harbor framework, companies are faced with the almost insurmountable task of establishing data sharing agreements with individual regional jurisdictions. Without these agreements, a global company’s operations are now in question and they must think twice about investing abroad.

Consumers, if not directly affected as employees of companies that curtailed trans-Atlantic operations, would be faced with the loss of the Internet as it’s known today, a means of global commerce, information and communication exchange. Without agreements in place to provide “borderless” transfers of data, there will be no trans-border mechanism for e-commerce, sending and receiving emails, or sharing personal information using social media. In other words, without Safe Harbor, the backbone of modern technology — information exchange — will be significantly hampered.

While the U.S. and E.U. governments have reached an agreement in principle on a new data sharing agreement, leaders of both governments, privacy advocates and technology companies must continue to work together quickly to establish a new data sharing agreement that builds upon Safe Harbor. This new agreement must put privacy first and strengthen the protections afforded in the E.U., U.S. and across the world. We are in desperate need of a streamlined process to send information across international borders that also respects individuals’ privacy rights.

What needs to be done

Much has changed in the U.S. since the 2013 revelations about the NSA’s surveillance activities, and new meaningful limitations are now placed on the U.S. government’s bulk data gathering practices. However, the European Court of Justice’s invalidation of Safe Harbor has serious consequences for both U.S. and European economies unless a solution is found quickly.

Privacy advocates and technology companies alike have suggested that the invalidation of Safe Harbor is an opportunity to improve upon the status quo. Moving forward, the Judicial Redress Act and other similar legislation in the U.S., such as the Law Enforcement Access to Data Stored Abroad Act that works to reform the Electronic Communications Privacy Act, must be enacted with a sense of urgency.

As policymakers in Washington, D.C. continue to discuss Safe Harbor and digital trade after multiple hearings on Capitol Hill and a recent visit from E.U. Justice Commissioner Vera Jourova, they must work with their partners across the Atlantic to put aside their differences and fast track new digital privacy laws that address the fundamental human rights to privacy and national security in a way that protects both U.S. and European citizens.

Experts weigh benefits, problems of open data

While open data experts extoll the benefits of encouraging governments to open their information vaults, some fret about unintended negative consequences that could come with it.

Speaking on a panel on the topic hosted by the Microsoft Innovation & Policy Center in Washington, D.C., Ryan Calo, assistant professor of the University of Washington School of Law, said there was “an opportunity” to strengthen the security of the data governments manage.

“I think that governments of all kinds, local and federal, can improve the overall ecosystem on privacy and security,” he said during the panel.

Calo referenced a paper he co-authored and released earlier this year that evaluated Seattle’s open data practices. The city was ahead of the curve when it came to data, but the vendors it used to gather data — on anything from 911 calls to parking violations — each faced different security requirements, he told FedScoop.

“It wasn’t that we found too many smoking guns exactly,” he said of the report. “It was rather that it was all over the place. Some vendors would make no guarantees about security.” Others had to have cryptology in place and agreed to notify the city in case of a breach.

Among his recommendations was that the city should have an overarching policy governing how vendors use and safeguard the data they gather for the city. And he said the recommendations could carry over to other cities and even the federal government.

Indeed, Joel Gurin, president of the Center for Open Data Enterprise, said data shouldn’t be opened up by accident.

“We’re seeing a couple instances of conflicting public goods,” Gurin said. In some cases, to get the highest value from data requires getting into territory where the risk of exposure is great, he said.

It’s a balancing act that the Consumer Financial Protection Bureau is trying to navigate as it makes available digital data of mortgage transactions under the Home Mortgage Disclosure Act, he said. The act means to avert discrimination in housing practices, and in a recent rulemaking the agency outlined efforts to continuously weigh the need for data with the importance of ensuring privacy.

“It’s a very innovative approach and we must start seeing that there is some kind of trade with some risk of some privacy exposure versus a public good,” Gurin said.

Gurin said open data has a number of economic benefits: For example, it could encourage the development of precision medicine — the idea that physicians could better tailor treatments to their patients’ genetic makeup and environment — and companies like online real estate firm Zillow and The Weather Channel are built on government data.

But there are other uses too. He pointed to the Education Department’s recently released College Scorecard, which allows users to look up information about average debt and average starting salary for colleges across the country.

“Had we known [the information from this scorecard] 10 years ago or five years ago, this would have dramatically changed every conversation with our kids, every conversation with our guidance counselor and would have given us a framework of reality of ‘What is this education really worth,’” said Gurin, who had three children graduate from college.

In all, he said the government’s data belongs to the citizens.

“It’s not just the government needs to put data out there because that is their own accountability,” he said. “It’s also saying government needs to put data out there because we pay for it as taxpayers, and it can actually help us.”

Pentagon’s digital service team gets a leader

Seattle-based serial entrepreneur Chris Lynch has been given the reins of the Pentagon’s digital service team.

Defense Secretary Ash Carter announced Lynch’s hiring Wednesday during a speaking engagement at George Washington University focused around his “Force of the Future” program.

Wednesday was Lynch’s first day as director of the Defense Digital Service, Carter said. The small team is based at the Pentagon.

A long-time tech entrepreneur, Lynch founded and led several startups, like North by Nine, a customer experience management platform that was acquired by ConversIQ. He also served as vice president of product engineering at Daptiv, a business software company, for seven years, and before that in a development role for Microsoft.

The DDS is based on and will resemble the White House’s U.S. Digital Service team, founded in the wake of the Healthcare.gov meltdown of 2013 to focus on getting the federal government’s most pressing digital priorities right. Since then, digital teams — essentially spokes off of the USDS hub — have popped up around government within agencies like the departments of Veterans Affairs, Education and Homeland Security.

The DDS “will bring in talent from America’s technology community to work for a specific time or for a specific project to apply a more innovative and agile approach to solving our most complex problems,” Carter said Wednesday.

Carter first announced the creation of such a team in April, saying then that it was imperative to find ways to attract a new generation of Americans “who grew up entirely in the Internet age, whose memories of 9/11 are either faded or dim or non-existent, and attract them to the mission of national security and national defense.” The team quickly went to work addressing insufficient health record interoperability between DOD and the VA, FedScoop reported previously.

Halfway down the West Coast from Lynch’s Seattle, the Pentagon is also building relationships with Silicon Valley technology talent through its Defense Innovation Unit – experimental team.

While the Pentagon is concerned with attracting America’s best and brightest innovative minds, Carter said Thursday that part of what will make the DOD an attractive employer for millennials will be letting them come and go between DOD and private industry.

Carter said civil service is typically seen as riding a career-long “escalator” to the top, based on merit, but he wants Defense personnel to “be able to get off the ‘escalator’ for a time, and then get back on without hurting their career but instead helping it” through options like the Secretary of Defense Corporate Fellowship program, which DOD is doubling in scope. The program allows highly qualified candidates to work in private industry — at companies like Google and SpaceX — for a year.

“Offering those kinds of opportunities will make us more attractive to future generations, too,” Carter said. “As long as our military continues to harness the best talent America has to offer, we’ll always come out ahead.”

New FBI warning after Brennan doxing

The FBI has revised a warning to senior police officers and other public officials about hacktivism and doxing, following the successful takeover last month of the personal email account of CIA Director John Brennan by teenage hackers.

The new warning, posted Wednesday evening, outlines a method of social engineering against an official’s personal email provider that self-described stoner hacktivists say they used to repeatedly take over Brennan’s AOL account. The hacktivists, in what they said was a protest against U.S. support for the Israeli occupation, later published Brennan’s Social Security number and other personal information — and that of family members and colleagues on the Obama 2008-09 transition team.

The new guidance includes an expanded set of defensive measures that all potential targets are advised to take on social media and online generally, but no new advice for telecom, email and Internet service providers.

“In a recent threat,” reads the new warning, a “threat actor” contacts the target’s ISP posing “as an employee of the company, and requests details regarding the target’s account. Utilizing these details, the caller then contacts the target’s email provider, successfully provides answers to security questions established for the email account, and is granted a password reset for the account.”

This is the process described by “Crackas With Attitude” in a series of encrypted chats, Twitter exchanges and other online communications with reporters after they began posting first boasts about penetrating Brennan’s email account, then data stolen from it.

“Ultimately,” concludes the FBI warning, the hacktivist “gains access to the victim’s email account and begins to harvest personal or other information.”

The FBI press office, in a statement emailed to FedScoop, said merely that “Recent media reports have highlighted hacktivism threats to law enforcement and public officials,” causing them to update a doxing warning posted in April.

The original warning highlighted the way that hacktivists from the Anonymous collective were able to compile information available on the Internet, especially on social media sites, into revealing profiles of police officials and other public figures. It included a list of defensive measures individuals could take, like adjusting the privacy settings on social media accounts.

Wednesday’s warning offers an expanded list of defensive measures, including using invented, incorrect answers to security questions, especially ones like mother’s maiden name, which might be discoverable from public records. The revised warning also offers the following new advice:

Lawmakers don’t want feds to lead on connected car tech

The nation’s highway safety regulator plans to finalize a standardized system for vehicle-to-vehicle communication sometime in early 2016, an official said Wednesday, but some lawmakers are unimpressed, believing private industry could do the job better.

The National Highway Traffic Safety Administration will release a public proposal for its dedicated short-range communications (DSRC) system, which will enable vehicles to communicate instantaneously with one another and with nearby wired infrastructure like crash barriers and traffic lights, early next year, said Nat Beuse, NHTSA associate administrator for vehicle safety research.

“What the department is doing is putting hardware behind that system,” Beuse told lawmakers on the House Oversight and Government Reform Committee’s subcommittees on IT and Transportation and Public Assets. “What’s been done to date has been a lot of hard work with a lot of smart people coming up with the design. But now we feel that we have to actually build this and operate it to see what are the vulnerabilities in it and do some large-scale testing.”

He said NHTSA thinks it is ready to deploy DSRC technology and the associated standards for security and privacy testing. Many believe the technology could address more than 80 percent of crashes caused by humans and drive efficiency in cars.

But Transportation and Public Assets Subcommittee Chairman Rep. John Mica, R-Fla., balked at the idea, saying DOT has already spent $500 million in taxpayer money on this project without seeing much, even sliding “behind the advances in technology.”

“We spend a lot of money, and we don’t see a lot of progress,” said Mica, a persistent critic of federal government programs and an advocate of privatization.

IT Subcommittee Chairman Will Hurd, R-Texas, brought up a similar concern, comparing the complexity of developing V2V communication technologies and standards with the unsuccessful, years-long struggle of the departments of Veterans Affairs and Defense to make their electronic health records systems interoperable.

“DOD and VA spent over half a billion dollars trying to get two electronic health records to work together, and after four years, they said, ‘This is really hard. We’re going to have to go separate,’” Hurd said.

With so much prior investment from the automobile industry, “Why are we even thinking about the federal government getting involved in doing this when a standard hasn’t developed out of the private sector?” he questioned. “The private sector is going to be better equipped to develop this type of technology, and the thing is probably going to work a little bit better.”

Dean Garfield, president and CEO of the Information Technology Industry Council, said “there are complementary technologies being developed … that we can’t tell which is going to prove most effective” including the DSRC.

But Beuse said NHTSA hasn’t seen evidence of any competing developments, particularly in response to its 2014 advance notice of proposed rulemaking for the DSRC.

“If at some point in the future, or even in response to the proposal [next year], data comes in that shows there’s an alternative technology that can meet the safety potential,” NHTSA would consider that, he said.

Hurd objected, saying “the cat’s already out of the bag,” with companies like Tesla and General Motors developing these sorts of V2V communications. And he’d rather put his trust in the private sector to protect American drivers as well as their information stored in their cars, he said, acknowledging his concerns after the Office of Personnel Management was hacked, compromising the information of millions of Americans, and “had the audacity to not even say ‘My bad.’”

Hurd finished, “I’m always concerned when we put too much faith in federal agencies to protect our information.”

DHS head: Agency to ‘strike balance’ between cybersecurity and counterterrorism

The Department of Homeland Security will look to “strike a balance” between cybersecurity and counterterrorism through the remainder of the Obama administration, DHS Secretary Jeh Johnson said Wednesday.

Speaking at a Federal Times event, Johnson said his cybersecurity goal for DHS before President Barack Obama leaves office is for civilian agencies to be covered by a common baseline of cybersecurity and to maximize the number of companies that benefit from information sharing.

“The reality is we live in an interconnected, networked world,” Johnson said. “Cybersecurity must strike a balance between basic security, online information and the ability to communicate with and benefit from that networked world.”

Johnson said that while DHS is primarily tasked with keeping the country safe from terrorist attacks, the department is upping its focus on protecting the country’s digital infrastructure. During his remarks, he addressed four areas in which he sees progress in regards to the nation’s cybersecurity stance.

He commended Congress for work done on two bills, including the Senate passage of the Cybersecurity Information Sharing Act and the House passage of the National Cybersecurity Protection Advancement Act. Johnson said the bills “strengthen the role of the Department of Homeland Security and our nation’s cybersecurity efforts.”

“Congress is actually getting stuff done in a bipartisan fashion,” he said.

He also spoke of a new dialogue with China over Beijing’s online plunder of U.S. firms’ trade secrets and intellectual property. An agreement reached earlier this year between President Barack Obama and his Chinese counterpart Xi Jinping would curb Chinese commercial espionage in cyberspace. Johnson said DHS is preparing for “ministerial level dialogue” during talks with Chinese officials to be held in Washington at the beginning of December. He said he doesn’t believe the talks will “resolve all of our challenges” with China, but they are a step forward to address “one of our sharpest areas of disagreement” in the countries’ relationship.

“Time will tell whether China’s government’s commitments are matched by action,” he said.

With regard to the federal government, Johnson touted the use of DHS’ intrusion prevention system Einstein 3A and the Continuous Diagnostics and Monitoring program. Since being rapidly deployed as part of the White House’s cybersecurity sprint, Einstein, or E3A, has stopped 700,000 possible attempts to steal government data or disrupt government systems. Additionally, CDM phase one has been rolled out to 97 percent of .gov systems, discovering 363 vulnerabilities. Johnson said 99 percent of those vulnerabilities have since been remedied.

Johnson also called for much greater education for IT users about the dangers of spear phishing, the highly targeted email spoofing method malicious actors use to enter networks.

“Whether it be .gov, .mil, .com, .edu, or .org, perhaps the most effective thing we can do for cybersecurity is create awareness among everyone who uses your systems to the damages of spear phishing,” Johnson said.

He detailed how DHS has run training programs within the agency, sending out fake phishing emails offering free Washington Redskins tickets. If employees click through the phony links, they are directed to training programs designed to educate users about the dangers of spear phishing.

Johnson concluded by saying there is “no one silver bullet” for cybersecurity, but the agency is moving to address what he considers a “shared problem” between the government and private industry.

“As the OPM breach painfully demonstrated, our federal cybersecurity efforts are not where they need to be,” he said. “But we are improving and detecting more and more intrusions every day.”