Krebs: NPPD must use threat intel better

The DHS office charged with protecting critical infrastructure needs to get better at assessing cyber risk rather than chasing threats, according to a top agency official.
Christopher Krebs speaks June 13, 2018, at the Forcepoint Cybersecurity Leadership Forum produced by CyberScoop and FedScoop. (CyberScoop)

The agency inside the Department of Homeland Security charged with protecting critical infrastructure needs to get better at assessing cyber risk rather than chasing threats, according to a top DHS official.

“We have a threat intelligence problem…because we obsess about the threat,” Christopher Krebs said Wednesday at the Cybersecurity Leadership Forum presented by Forcepoint and produced by CyberScoop and FedScoop. “We’re running this way and that way, hunting down every little piece of threat intelligence and reacting without a lot of context.”

As an example, Krebs pointed to the Illinois voter registration system that Russian hackers breached ahead of the 2016 presidential election. Even if the hackers had been able to delete voter files, Krebs said, voters would still have been able to cast their ballots by having their registration verified through other records, meaning the risk was manageable.

Putting the risk, or lack thereof, of cyberthreats into context is a big task for DHS as it helps states prepare for the 2018 midterm elections. As another round of primaries wrapped up Tuesday, Krebs told CyberScoop that the department had yet to detect any malicious activity on state networks from “known actors tied to an existing campaign.” He contrasted that activity with the run-of-the-mill network scanning that states – like countless organizations across the internet – experience regularly.


In tackling cyber risk to critical infrastructure, DHS earlier this year established a supply chain program to provide risk assessments to critical infrastructure firms and federal agencies on products they may acquire or deploy.

Krebs, whom the Senate confirmed Tuesday evening as undersecretary of the National Protection and Programs Directorate, told CyberScoop that the program was still getting off the ground through pilot testing.

While the program will address coding, the bigger focus is on equipment itself, Krebs said. “It’s going to be very important coming up with the 5G build-out, so we’re working with the telecommunications companies,” he added.

DHS has been an enforcement arm of a U.S. government policy to clamp down on supply-chain risk from Russian and Chinese companies that U.S. officials deem a national security threat. The department last year directed all civilian agencies to remove products and services from Kaspersky Lab from their networks. The Moscow-based antivirus vendor posed an “unacceptable risk” to the U.S. government, Krebs told forum attendees.

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
