In the face of increasing cyberattacks, the Department of Homeland Security is creating a new center to share threat information with private companies and kicking off a 90 day sprint to identify the country’s digital “crown jewels" that may be especially vulnerable, the agency’s secretary said July 31.
The National Risk Management Center is expected to provide a centralized home where firms and local agencies can turn for cybersecurity solutions.
“The next major attack is more likely to reach us online than on an airplane,” said Homeland Security Secretary Kirstjen Nielsen. She added that “intruders are in our systems” and “everyone and everything is now a target.”
The announcement came during a cybersecurity summit that the Department of Homeland Security hosted in New York City. The event aimed to bridge the gap between the government and some of the top companies in the United States that make up the critical parts of American digital life. It was envisioned as the start of a new relationship between the private and public sector.
Nielsen said that the threat center is “driven by industry needs” and is spurred by a ”re-emergence of the nation state threat” and the “hyperconnected environment” of the United States. She said that previously some local governments have called 911 during a cyberattack. In the future, they would call the new cyber center.
“Nation-state actors attempt to infiltrate critical infrastructure operations across multiple sectors,” a Homeland Security fact sheet on the new center read. It added there is a “need for an agreed-upon playbook to integrate government and industry response efforts.”
The center also provides a playbook for risk management and identifying critical cyber supply chain elements. Although there are already government-backed risk-sharing initiatives, DHS leaders hope that the private sector will be more willing to share their challenges and expertise.
Jeanette Manfra, the assistant secretary for the Office of Cybersecurity and Communications at Homeland Security, told reporters that the new center is "going to start small, we don’t want to sign up for all sorts of things and then fail.”
The hope is for the national counterterrorism center to be able to focus on incident response, and the center announced on Tuesday will focus on identifying national risk. The risk center will pull staff from other parts of government, Manfra said. A leader has not been named, and it has not received an increased budget.
Throughout the conference, government officials were eager to entice the private sector to work with the new risk center. It appears that business participation is a necessary condition for the centers' success.
The announcement comes just one week after Homeland Security warned that the Russian government is conducting cyberattacks against critical infrastructure sectors that include energy, nuclear, water, aviation and critical manufacturing.
“The warning lights are blinking red," Coats said during a July 13 event at the Hudson Institute.
Current threat sharing portals have been described as ineffective. The Cybersecurity Information Sharing Act of 2015 already attempted to spur collaboration between the public and private sector.
Some experts told Fifth Domain that they did not expect the new portal to be groundbreaking.
Only six companies are currently sharing cyberthreats with government, according to Chris Krebs, head of the national protection and programs directorate at Homeland Security.
“We have to establish a value proposition for an organization to share into the system,” said Krebs. He highlighted better supply chain risk management as an incentive that would set the new center apart from previous intelligence-sharing schemes.
Companies can write into their contracts that their vendors must use the threat-sharing portal so they know that contractors are managing third-party risks, Krebs said.
At the event in New York City, some of the largest corporations praised the new program while speaking onstage with top government officials.
“This was an obvious thing to do for a decade but it didn’t happen,” said John Donovan, the chief executive of AT&T.
Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.