DHS risk agency eyes January policy push

The National Risk Management Center at the Department of Homeland Security is working to develop a list of national critical functions, functions so important that a disruption could cause a national or economic security crisis, by the end of the year.

Bob Kolasky, the center's director, said he's been given marching orders to keep the list to a manageable size.

"I've been told I better not come up with a list of more than 100 national critical functions, that's too many," said Kolasky at a Dec. 6 event hosted by ICF. "But [even] 100 requires some prioritization."

DHS hasn't decided how public it will make that list. Kolasky said further discussion is needed among officials and industry stakeholders around risk mitigation, but the new center does plan on making aspects of the list and priorities public in some form.

In the meantime, DHS is already moving forward on initiatives in a number of sectors, such as election security, where stakeholders already have a sense of their own national critical functions. A tri-sector coordinating council composed of representatives from the electric, finance and communications sectors have already developed their own preliminary lists, including electricity generation and transmission, wireless communications, insurance and finance. Next week, DHS will host a non-public workshop with representatives from all 16 critical infrastructure sectors to complete the list.

One hope is that the list will end up fueling smarter intelligence collection by the U.S. government.

"The conversations we've had with the [intelligence community] is that this will help focus some of our intel collection in ways where industry will help us understand: what are the real critical things that they do," said Kolasky. "What are the critical nodes … the things that allow those functions to produce and let's make sure we're thinking about any threats to that and treating those different from … the average cybersecurity threat."

Another area ripe for immediate action is supply chain management. Kolasky will be taking over as co-chair for the newly created ICT supply chain task force. Kolasky downplayed the change in an interview with FCW, saying other DHS officials like Emile Monette and Mark Kneidinger will continue to be involved but that DHS felt the profile of the task force necessitated higher level ownership.

"This is a huge priority of CISA", Kolasky said, in reference to the new Cybersecurity Infrastructure Security Agency at DHS.

The executive committee met last month and reviewed a list of nine priorities and "good ideas out there" around supply chain management that were produced by previous government and industry research efforts, and the group is planning to announce a more robust list in January that will drive the creation of further working groups to drill down further.