New DHS center to address cyber gaps

DHS Secretary Kirstjen Nielsen, shown here at her November 2017 confirmation hearing, announced the creation of a new National Risk Management Center on July 31. (Photo: Jetta Disco/DHS)

The leader of the Department of Homeland Security called on the federal government and private-sector firms to "crowdsource" defense of U.S. critical infrastructure as the threat of cyber attacks surpasses that of another monumental physical attack.

"Cyber threat collectively now outweighs" terror attacks such as 9/11, DHS Secretary Kirstjen Nielsen said in a July 31 presentation at the agency’s national cybersecurity summit in New York City.

Nielsen said the "next major attack" could well come online -- and could kick off a series of "cascading consequences" across intertwined technologies and infrastructures. "An attack on a single company," she said, "could rapidly spiral into the power, financial services" and other critical infrastructures.

Nielsen also pointed to recent nation-state-backed attacks as another reason to bolster common government and industry cyber defenses. She warned "foreign powers," calling out Russia in particular for its meddling in the 2016 election, that "America won’t tolerate interference" in its elections. She said the U.S. intelligence community "has it right" about the 2016 "influence campaign" against U.S. elections. "It was the Russians, directed from the highest levels," she said.

"The U.S. will no longer accept interference," Nielsen added. "You will be exposed and will pay a high price."

Part of the shield against the growing threat to critical infrastructure, she said, is a collective defense among the federal government and critical infrastructure providers.

Nielsen unveiled a new National Risk Management Center that will be a central hub of help and collaboration with industry for cyber defenses. The center, she said, will identify potential points of failure among the 16 critical infrastructure sectors that DHS oversees. Its cyber experts will work with industry cyber experts to contextualize threats and their potential impact, she said.  

According to Nielsen, the center will also get joint cyber/physical protection efforts rolling as the agency waits on Congress to approve the reorganization of the National Protection and Programs Directorate into the Cybersecurity and Infrastructure Security Agency.

Initially, the center will work on three interdependent critical infrastructure sectors -- financial services, telecommunications and energy -- to identify common, cross-cutting threats and mitigation opportunities. Other sectors will be folded into the effort through 90-day sprints, with a cross-sector exercise among them coming in the fall, Nielsen said.

The formation of the new center, she said, was spurred by increasing nation-state threats to critical infrastructure and the growing attack surface at critical infrastructure providers and elsewhere. Companies and even government agencies can be unsure whom to contact when they’re hit by a cyberattack. The center will provide them with a single point of access to DHS resources.

Paul Stockton, managing director of the economic and security advisory firm Sonecon LLC and a member of the Homeland Security Advisory Council, told FCW in an interview that the new center is "filling a critical gap in U.S. preparedness."

While some sectors, such as energy, financial services and communications, have assembled their own cyber defenses, more attention has to be paid to the cybersecurity seams between them, Stockton said. "Cross-sector resilience" is required to prevent failures that could cascade across them, such as a power failure that blacks out financial services. Similarly, he said, the communications sector is necessary for power companies to bring their grids back up.

Stockton said the new center will help industry and government identify those gaps, as well as where funding "will provide the biggest payoff" to fill cross-sector vulnerabilities.

Vice President Mike Pence, in closing remarks at the summit, called on the Senate to follow the House's lead and pass legislation to change NPPD's name to the Cybersecurity and Infrastructure Security Agency. 

Pence also echoed Nielsen in warning foreign powers to steer clear of U.S. elections, saying that "any attempt to interfere is an affront to democracy and won't be tolerated."  And he too acknowledged that the intelligence community's evidence of Russian meddling in the 2016 election was "unambiguous," though he blamed the Obama administration for weak cybersecurity efforts that "let the American people down." 

"We inherited a cyber crisis," Pence said. "The previous administration chose silence and paralysis over action."