Following the Department of Homeland Security’s announcement of a new National Risk Management Center, critical infrastructure executives along with Federal agency leaders hailed the new coordinating wing of DHS as a way to harness the collective strengths of both government and industry to address cyber concerns that have the potential to hobble the nation’s critical functions.
DHS Secretary Kirstjen Nielsen convened a panel today at the DHS National Cybersecurity Summit following her announcement of the new center, and many on the panel said the establishment of the center was long overdue.
“This is required for the national security of America and I think today is a really important day in America,” said Tom Fanning, president and CEO of Southern Company, one of the nation’s largest utilities.
Fanning is also co-chair of the Electricity Subsector Coordinating Council, a CEO-led collective that engages the Federal government “with the mission of coordinating efforts to prepare for national-level incidents or threats to critical infrastructure.” He said the center is an opportunity to restore citizen trust that their vital interests are being protected.
“People are losing confidence in institutions of government, people that run them, and people are getting cynical,” he said. “This is a way where we can teach Americans that, in fact, the administration is working, and Congress and everyone else are working with private industry to make America better. It is a way to lean in and play offense. I think people are thirsting for those stories.”
“This was an obvious thing to do for a decade, but it didn’t happen,” said John Donovan, CEO of AT&T. He pointed out that many threats cut across sectors and said “things don’t conveniently come in the way” that government, the private sector, and individual companies have decided to organize themselves. “The ability to move at speed across organizations is really vital to effective defense,” he said.
Paul Nakasone, director of the National Security Agency and leader of U.S. Cyber Command, called public-private partnerships our nation’s “asymmetric advantage in cyberspace,” especially given that 90 percent of critical infrastructure lies in the private sector.
Ajay Banga, president and CEO of Mastercard, discussed how that can lead to potential problems. Despite strong defense postures from large commercial entities, he said it’s often smaller links in the chain that are targeted and lead to breaches at bigger companies, due to the interconnected nature of critical infrastructure.
Banga called for “joint exercises” between the three sectors represented on the panel, which are the ones DHS will be aiding first with the new center – telecommunications, energy, and financial services.
He said his company has already established good working partnerships through existing “cyber defense exercises,” which have allowed Mastercard to build rapport with the Federal Bureau of Investigations, “knowing whom to call for what, when,” and also “management protocol of how to respond.”
Protocol looks to be a big aim for the new risk management center, and FBI Director Christopher Wray said during the discussion that it will be vital to engage all related organizations, whether private or public entity, due to the specific advantages each one holds.
Wray discussed the cybersecurity deployments at each of the bureau’s field offices but noted the limitations of his organization.
“At the end of the day, we’re threat focused. We’re pursuing the threat, we’re identifying the threat, we’re attributing the threat. But to disrupt the threat, we’re going to have to figure out ways to be more creative as a public-private community, and there are all kinds of things that the private sector can do far more effectively than we could,” Wray said. “The idea is to combine strength with strength.”