At an appropriations hearing, Homeland Security Secretary Kirstjen Nielsen said she's losing sleep over cybersecurity threats.
Cybersecurity threats "keep me up at night," said Homeland Security Secretary Kirstjen Nielsen at an April 11 appropriations hearing. "It changes quickly. It’s prolific. It’s non-stop and it’s from many, many, many sectors."
DHS is seeking more than $644 million just for a mix of programs to support federal agency cybersecurity, including the Continuous Diagnostics and Mitigation program and the network shield system known as EINSTEIN.
Nielsen told the House Appropriations Homeland Security subcommittee Chairman Rep. John Carter (R-Texas) that she was looking "at maturing the department." That includes continuing efforts to communicate across agencies and collaborate on issues such as cybersecurity.
The biggest challenge at DHS is entrenched, established ideas at the sprawling department, Carter warned Nielsen, and conquering those siloed attitudes "is not an easy task," he said.
Rep. Dutch Ruppersberger, (D-Md.), asked Nielsen about the overall status of the agency’s cybersecurity mission. He also vowed to provide Nielsen with a report he said he assembled over the last six months through speaking with former top DHS officials and cybersecurity experts about the issue.
The report, he said, recommends holding a subcommittee hearing on cybersecurity. He also said the report looked at how DHS could help protect against "leaked cyber tools" -- referencing exploits developed by the National Security Agency but stolen by the Shadow Brokers hacker group in 2017 -- as well as how DHS could get a clearer view of threats to industrial control systems.
The threat to state election systems was also on Ruppersberger’s mind.
He asked how DHS is helping the Election Assistance Commission manage the $380 million funded by the omnibus spending bill for state and local governments to improve their election system cybersecurity.
"All Americans need to know that their vote was counted and counted correctly," Nielsen responded. “We need to ensure that trust is there."
She said DHS is offering state and local election organizations penetration testing, vulnerability assessments, exercises, training as well as threat information bolstered by help from the NSA and the intelligence community.
"The states themselves have taken, in my opinion, a lot of good steps over the last few months to organize themselves from a governance perspective. This is not a traditional homeland security interaction. We have not in the past worked with state election officials. We normally work with owners and operators or critical infrastructure," she said.
DHS, she said, has worked to bring states "into the fold," helping them engage with their own homeland security advisers, governors and other states.
She urged states to consider the offer of DHS services.
"They’re free. We can help you build capacity and capability. We can check your systems. We can help you with real-time response. We can help monitor and flag nefarious activity and give you the coordination mechanisms to work with other states to find the patterns of attacks," Nielsen said.