The Department of Homeland Security (DHS) will launch a National Risk Management Center this week to provide a first response outlet for private sector critical infrastructure companies that are targeted by cyberattacks, DHS Secretary Kirstjen Nielsen announced today.
Speaking at DHS’ inaugural National Cybersecurity Summit, Nielsen called the new center a “focal point” for DHS and the private sector with a mission of coordinating responses to attacks and efforts to remediate their impact. She said the new center will use a “cross-cutting approach to defending our nation’s critical infrastructure” and “employ a more strategic approach to risk management, borne out of the reemergence of the nation-state threat.”
Nielsen said that, in practice, the center should be the first place that critical infrastructure providers call when they are hit with a cyberattack. DHS is aiming to “simplify the process” for private companies to access the full range of government authorities and capabilities to act in response to cyber threats.
“For far, far too long, we have lacked a single focal point to bring government agencies and industry together to assess the digital dangers we face and to counter them, a place where analysts and network defenders can address these risks together, through the full myriad of mission sets that we look at when we address cyber,” Nielsen said, adding that the center’s creation was “driven by industry needs.”
The new center will be housed at DHS headquarters and will begin operations immediately. She said the process is beginning with a “tri-sector model” by first engaging financial services, telecommunications, and the energy sector. The Department will begin a 90-day sprint to address cybersecurity needs in these sectors, culminating in a “major cross-sector exercise” in the fall.
The National Risk Management Center, in addition to providing government tools to remediate threats in the private sector, will look to provide the “so what” of each event, Nielsen said. By taking each event or piece of threat data–what she called a “puzzle piece”–DHS will attempt to fit disparate attacks into the greater cybersecurity landscape in order to establish context and down-the-line implications.
Christopher Krebs, DHS’ top cyber official, called the center the “most important” of several announcements DHS will make today regarding new initiatives to improve cybersecurity “based on clear identified need, a demand signal from industry.”
Nielsen referred to that range of new initiatives as “bold new efforts starting today that will make the digital infrastructure of our country more resilient.” The impetus has been a notable uptick in attacks on government and the private sector, she said.
“I wish I could tell you that we’ve rounded a corner, but last year was the worst ever in terms of cyberattack volume,” she said. “I believe that cyber threats collectively now exceed the danger of physical attacks against us. This is a major sea change for my department and for our country’s security.”
Nielsen added that today’s summit–which convened critical infrastructure tech leaders and academia–will provide the opportunity to “crowdsource our response” to the threats and said that the proceedings will yield even further action steps as the day progresses.
“We look at the end of the day to be able to announce some very tangible actions that we will agree to throughout the day,” she said.