DHS Stands Up New Cyber Risk Center to Protect High-Value Targets

Secretary of Homeland Security Kirstjen Nielsen address the DHS National Cybersecurity Summit, Tuesday, July 31, 2018, in New York.

Secretary of Homeland Security Kirstjen Nielsen address the DHS National Cybersecurity Summit, Tuesday, July 31, 2018, in New York. Bebeto Matthews/AP

Featured eBooks
The IT Modernization Mission
Read Now

Ransomware Threat

Read Now

What's Next For Government Cloud

Read Now

Federal Agencies Exploring Computing at the Edge

Read Now
Joseph Marks By Joseph Marks,
Senior Correspondent

By Joseph Marks

|

The center will free up NCCIC to work on cyber threat sharing and incident response, officials say.

NEW YORK – The Homeland Security Department is launching a national risk management center to tackle key cybersecurity priorities, including creating a registry of the nation’s digital “crown jewels,” Sec. Kirstjen Nielsen said Tuesday during a government cyber summit in New York.

The center will initially focus on the energy, telecom, health care and financial services sectors and will organize much of its work in a series of “90-day sprints” focused on particular national cyber priorities, Nielsen said.

That early sprint focused on cataloging the nation’s most vital digital assets mirrors work Homeland Security has been doing internally to focus greater efforts on protecting the most important government systems rather than protecting all systems equally.

Another key focus for the center will be helping protect industry supply chains from cyber threats, said Jeanette Manfra, a top Homeland Security cyber official.

The risk center will have a broader and longer-range focus than Homeland Security’s National Cybersecurity Communications and Integration Center, or NCCIC, which is the current point agency for cyber information sharing between government and industry, Manfra said.

By focusing on longer-range projects, such as the cyber risk registry and supply chain threats, the risk center will free up the NCCIC to focus on operational issues, such as alerting industry about new digital vulnerabilities and responding to breaches, Manfra said.

In some cases that may mean a company will have one representative at the NCCIC, working with Homeland Security on urgent operational issues, and another at the risk center, focused on big-picture goals, she said.

As a general framework, the center will focus first on figuring out if government agencies and the private sector agree about the cyber risks facing a particular sector and, second, on reaching agreement about how to counter those risks, she said.

The center will be initially comprised of staff pulled from elsewhere at Homeland Security and managed with existing funding, Manfra said.

Officials may seek more resources for the center during future budget cycles, she said, adding that Homeland Security didn’t want to wait on the congressional budget cycle before standing the center up.

Another key goal for the risk management center will be to make a stronger case to industry about the value of cooperating with government on combating cyber threats, said Chris Krebs, who leads Homeland Security’s cyber and infrastructure protection division.

The private sector owns the vast majority of U.S. computer networks and other digital equipment but has been hesitant to share what it’s seeing with the U.S. government.

Congress passed legislation in 2015 that gave companies legal protection from being sued if they share that data into a Homeland Security-run automated system, but, nearly three years, later only six organizations have signed up to share their data automatically.

About 200 private-sector organizations are receiving government threat indicators, which is far below lawmakers’ hopes for the program.

“We’ve struggled to identify the value proposition that would incentivize someone to share back in,” Krebs said. “What we’re trying to do through the center is identify those use cases where it would make sense for a company to contribute into the [automated indicator sharing] program.”

Nielsen spent much of her keynote at the cyber summit stressing the magnitude of the cyber dangers facing industry.

The next major 9/11-scale attack against the U.S. is more likely to be a digital attack than a physical one, she said. Much like before the Sept. 11, 2001 attacks, the government is hampered by “walls” and “stovepipes” that make it difficult to share key threat information quickly enough, Nielsen added.

“What’s more, our growing digital dependence means that vulnerabilities can have widespread, unpredictable, and cascading consequences when they are exploited,” she said.

Nielsen frequently paused to urge industry members in the audience to contribute to the risk center and, after the event’s first panel discussion polled the audience about who would chip in. When about half the audience members raised their hands, she said she’d keep checking back throughout the day.

NEXT STORY: Supply Chain Cybersecurity a Major Legislative Priority for House Homeland

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.