As the Department of Homeland Security continues to change the way it handles various cyberthreats the U.S. faces, the agency’s head said it’s focusing on making essential functions provided by critical infrastructure sectors more resilient.
“Today’s cybertattacks can manifest in physical consequences and attackers are deploying cyber weapons to disrupt and destruct, requiring much more sophisticated defenses,” DHS Secretary Kirstjen Nielsen said at the SINET conference in Washington on Thursday. “Infrastructure continues to be a significant target of interest for a diverse group of threat actors. Nation-states such as Russia, China, Iran, North Korea, as well as cybercriminals, terrorist groups, and others today can initiate attacks anywhere in the world, any time.”
As DHS plays a lead role in warding off the cyberthreats Nielsen described, she described focusing on protecting specific critical infrastructure assets as an outdated norm. Instead, DHS is looking to focus on protecting essential functions that are the product of multiple sectors, she said. Focusing on assets, Nielsen said, means focusing on “systems that are usually owned are particular entity,” which she suggested hinders the collaboration needed to effectively protect critical infrastructure.
“What we’re trying to move away from is that limited silo concept to a concept of all of the essential functions that are performed by multiple entities in a functional supply chain,” Nielsen said. “The reality in today’s increasingly complex environment is that risk faced by one sector can’t be managed alone by that sector.”
The department plans to leverage partnerships through the National Risk Management Center (NRMC), announced in late July, to identify such cross-sector functions and understand how to make them resilient against adversaries. The center is meant to be a hub where DHS can directly strategize with critical infrastructure firms to help mitigate the risks and threats they face.
“I will never tell you as secretary of Homeland Security that we can protect against everything, because we can’t. So we ourselves are instilling the culture of what I call ‘relentless resilience.’ As part of that, we have to focus from a risk perspective on what is most important, what is most critical. We will work with industry to do just that,” Nielsen said.
One of the areas the NRMC will focus on first is positioning, navigation and timing (PNT), the DHS chief said. These three capabilities are mostly known for enabling GPS services, but also play a part in various critical infrastructure sectors like health care, financial services and aviation.
“A lot of us think about that when we use a GPS device on our phone, whether it’s Google Maps or Waze, perhaps. But that’s also what allows us to settle our bank accounts. It’s also what allows a hospital to give you microsurgery. It allows air traffic control to flow,” Nielsen said.
Nielsen tried to contrast her agency’s top priorities today with what it focused on when it was established a decade and half ago, in the wake of the 9/11 terrorist attacks. While it was established with a main mission to ward off terrorist threats, shoring up the country’s cyberdefenses has risen to a primary focus of the agency.
“That has changed so much that now cyber is certainly at the top of my list as secretary of Homeland Security,” Nielsen said.