Government

DHS to unveil National Risk Management Center

DHS plans to unveil a new interagency center to help critical infrastructure firms assess the risk that a ceaseless stream of cyberthreats pose to their networks.

By Sean Lyngaas

July 31, 2018

(U.S. Department of Homeland Security / Flickr)

The Department of Homeland Security will unveil on Tuesday a new interagency center to help critical-infrastructure firms assess the risk that a ceaseless stream of cyberthreats pose to their networks.

The National Risk Management Center is meant to be a one-stop shop for helping private companies manage their cybersecurity risk – and develop ways to mitigate it. Officials are expected to announce the center at a conference in New York City that will feature Vice President Mike Pence, Homeland Security Secretary Kirstjen Nielsen and other Cabinet officials.

The new initiative follows months of public statements from DHS officials about the need to better understand cyber risk spread across sectors. Effectively assessing risk requires “visibility into an often-opaque supply-chain process and a clear understanding of the threat,” Jeanette Manfra, DHS’s top cybersecurity official, said in April.

With the private sector telling DHS it needs more actionable threat data, the department has long looked to revamp its approach to helping protect banks, power companies, and other critical infrastructure firms from hackers.

The job is complicated by the expanding definition of critical infrastructure, as well as the fact that the vast majority of critical infrastructure in the United States is privately owned. The department designated voting systems as critical infrastructure in January 2017 following the probing of state systems by Russian hackers before the 2016 election, adding to a tally of 16 critical infrastructure sectors.

Reacting to the new risk management center, Bruce Potter, chief information security officer at cybersecurity company Expel, said that public-private collaboration was challenging in the current environment and that DHS should focus on incentivizing the private sector to build technology that is “secure by default.”

“Giving users systems that don’t require complex security know-how but rather are secure out of the box will go a long way to making our infrastructure and the country more secure,” Potter said.

DHS has repeatedly warned about the threats that advanced hacking groups pose to U.S. critical infrastructure, including through a March 2018 advisory that detailed Russian government hackers’ collection of information on the control systems used by power plants.

The Wall Street Journal was first to report on the new risk management center.