Twice in the past week, including on the anniversary of the Sept. 11 terrorist attacks, leaders from the Department of Homeland Security have said the largest threat to the United States is no longer terrorism, but cyberattacks.
On Sept. 5, Homeland Security chief Kirstjen Nielsen said during a speech at George Washington University that her agency “was founded 15 years ago to prevent another 9/11. I believe an attack of that magnitude is now more likely to reach us online than on an airplane.”
The warnings on the anniversary of the Sept. 11 attacks were similarly blunt.
”The cyber threat has eclipsed the threat from physical terrorism,” Matthew Travis, a deputy undersecretary at Homeland Security said during the Professional Services Council’s Tech Trends event. He added that the cyber threat “despite lots of recent warnings and reflection by senior leaders in government still may not be taken as seriously as it needs to be by all of us.”
The Department of Homeland Security has pledged reform in the face of the growing cyber threat.
An agency spokesperson told Fifth Domain in a Sept. 7 email that DHS is reorganizing its intelligence units into mission centers that focus on counterintelligence, counterterrorism, cyber, economic security and transnational organized crime. The change was modeled after CIA reforms. The previous Homeland Security intelligence structure is not clear.
Some details of the reorganization were announced in Nielsen’s Sept. 5 speech, where she announced “a shift from a ‘counterterrorism’ posture at DHS to a wider ‘counter-threats’ posture to make sure we are doing everything possible to guard against nation-state interference.”
State-sponsored cyberattacks on American businesses “drives us to lock arms with industry in a much more collaborative and a much more serious and a much more analytical nature than we have done before,” said Travis, the Homeland Security assistant secretary during the Sept. 11 speech.
The partnership with businesses has become a centerpiece of the agency’s strategy to defend against cyberattacks.
In July, the Department announced the creation of a cyber risk management center that aimed to give businesses better information about threats. The risk center is housed under the National Protection and Programs Directorate, or NPPD.
Yet no new funding has been set aside for the risk center, Jeanette Manfra, an assistant secretary at the department told reporters Sept. 6. Instead, she said the agency has taken existing resources and repurposed them.
“The real emphasis we are starting to see out of NPPD with the new risk center is the tone that they want to partner with the private sector,” Frank Cilluffo, the director of the Center for Cyber and Homeland Security at George Washington University told Fifth Domain. He said it looked like the department has begun to build relationships with the private sector after years of stalled action. “We have been long on nouns and short on verbs.”
Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.