With elections over, CISA focus shifts to risk management center


Secretary of Homeland Security Kirstjen Nielsen signaled that her newly minted cybersecurity agency would shift its focus to a number of longer-term initiatives, such as mapping out national critical functions across different critical infrastructure sectors and changing culture and practices in global supply chain operations and procurement.

Speaking at a Nov. 16 U.S. Chamber of Commerce event just hours after President Donald Trump signed the Cybersecurity and Infrastructure Security Agency Act, Nielsen outlined four major shifts in the threat landscape that will require government and industry to rethink risk management practices: the deliberate targeting of critical infrastructure by nation states; the ability of cyberattacks like NotPetya to affect and disrupt different sectors and cause cascading damage; a tendency to view risk management through the lens of assets and organizations instead of critical functions; and a recognition that resilience, not preventing an attack or breach, should guide organizational decision-making.

Nation states are "playing the long game to degrade our critical infrastructure and we need to respond strategically," Nielsen said.

Much of that long-term strategic vision will come through the agency's new National Center for Risk Management. The first big task entails working with industry partners to map out a list of critical infrastructure functions. Bob Kolasky, the center's director, told reporters that a true accounting would take years, but the agency hopes to have a working list developed to feed more analysis and other initiatives.

Chris Krebs, now Director of CISA, said that list should be ready by year's end. Once that's complete, the center wants to engage with researchers and stakeholders across different sectors to analyze and rank those functions to prioritize further action. Sectors with more mature risk profiles will likely take precedence, and the center has already established a tri-sector council to focus on the telecommunications, financial and energy industries.

A day earlier, DHS announced membership for its new 60-member supply chain task force. On the government side, representatives from DHS, the Departments of Defense, Treasury, Commerce, Justice, the General Services Administration, the Office of the Director of National Intelligence and the Social Security Administration will sit on the executive committee.

On the industry side, 26 major tech and communications companies and industry associations will also have a seat on the executive committee, including AT&T, Verizon, Intel, Microsoft, the Cybersecurity Coalition, threat intel firm FireEye and the Information Technology Information Sharing and Analysis Center.

Nielsen also pressed members of industry to sign up for existing DHS information sharing programs such as Automated Indicator Sharing, calling them "a great way to crowdsource against our adversaries who are crowdsourcing against us."

AIS has struggled to enroll private sector companies willing to share their own data with the federal government. The agency has also received complaints that large chunks of the data DHS shares are either not useful or lack actionable guidance. Nielsen indicated she wants to change that.

"Tell us what you need from us and when it comes to intelligence, tell us how to make it more actionable so you can work to put it to good use," said Nielsen.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at [email protected], or follow him on Twitter @derekdoestech.
