Cybersecurity

New DHS center to address cyber gaps

DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

DHS Secretary Kirstjen Nielsen, shown here at her November 2017 confirmation hearing, announced the creation of a new National Risk Management Center on July 31. (Photo: Jetta Disco/DHS)

The leader of the Department of Homeland Security called on the federal government and private-sector firms to "crowdsource" defense of U.S. critical infrastructure as the threat of cyber attacks surpasses that of another monumental physical attack.

"Cyber threat collectively now outweighs" terror attacks such as 9/11, DHS Secretary Kirstjen Nielsen said in a July 31 presentation at the agency’s national cybersecurity summit in New York City.

Nielsen said the "next major attack" could well come online -- and could kick off a series of "cascading consequences" across intertwined technologies and infrastructures. "An attack on a single company," she said, "could rapidly spiral into the power, financial services" and other critical infrastructures.

Nielsen also pointed to recent nation-state-backed attacks as another reason to bolster common government and industry cyber defenses. She warned "foreign powers," calling out Russia in particular for its meddling in the 2016 election, that "America won’t tolerate interference" in its elections. She said the U.S. intelligence community "has it right" about the 2016 "influence campaign" against U.S. elections. "It was the Russians, directed from the highest levels," she said.

"The U.S. will no longer accept interference," Nielsen added. "You will be exposed and will pay a high price."

Part of the shield against the growing threat to critical infrastructure, she said, is a collective defense among the federal government and critical infrastructure providers.

Nielsen unveiled a new National Risk Management Center that will be a central hub of help and collaboration with industry for cyber defenses. The center, she said, will identify potential points of failure among the 16 critical infrastructure sectors that DHS oversees. Its cyber experts will work with industry cyber experts to contextualize threats and their potential impact, she said.  

According to Nielsen, the center will also get joint cyber/physical protection efforts rolling as the agency waits on Congress to approve the reorganization of the National Protection and Programs Directorate into the Cybersecurity and Infrastructure Security Agency.

Initially, the center will work on three interdependent critical infrastructure sectors -- financial services, telecommunications and energy -- to identify common, cross-cutting threats and mitigation opportunities. Other sectors will be folded into the effort through 90-day sprints, with a cross-sector exercise among them coming in the fall, Nielsen said.

The formation of the new center, she said, was spurred by increasing nation-state threats to critical infrastructure and the growing attack surface at critical infrastructure providers and elsewhere. Companies and even government agencies can be unsure whom to contact when they’re hit by a cyberattack. The center will provide them with a single point of access to DHS resources.

Paul Stockton, managing director of the economic and security advisory firm Sonecon LLC and a member of the Homeland Security Advisory Council, told FCW in an interview that the new center is "filling a critical gap in U.S. preparedness."

While some sectors, such as energy, financial services and communications, have assembled their own cyber defenses, more attention has to be paid to the cybersecurity seams between them, Stockton said. "Cross-sector resilience" is required to prevent failures that could cascade across them, such as a power failure that blacks out financial services. Similarly, he said, the communications sector is necessary for power companies to bring their grids back up.

Stockton said the new center will help industry and government identify those gaps, as well as where funding "will provide the biggest payoff" to fill cross-sector vulnerabilities.

Vice President Mike Pence, in closing remarks at the summit, called on the Senate to follow the House's lead and pass legislation to change NPPD's name to the Cybersecurity and Infrastructure Security Agency. 

Pence also echoed Nielsen in warning foreign powers to steer clear of U.S. elections, saying that "any attempt to interfere is an affront to democracy and won't be tolerated."  And he too acknowledged that the intelligence community's evidence of Russian meddling in the 2016 election was "unambiguous," though he blamed the Obama administration for weak cybersecurity efforts that "let the American people down." 

"We inherited a cyber crisis," Pence said. "The previous administration chose silence and paralysis over action."

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.