If the Homeland Security Department wants to bolster its cybersecurity defenses, it will take a village, and that extends to the general public.
The agency is reexamining the need for shared responsibility in tackling the nation’s cyber challenges, brought to the forefront ahead of the Nov. 6 midterms. But Jeanette Manfra, National Protection and Programs Directorate assistant secretary for the Office of Cybersecurity and Communications at DHS, said this has been in the works for a while.
“Everybody has got a role in raising our defenses and making it harder for these bad actors and we’ve got to work together in a way that we’ve probably really never done before,” Manfra said on Cybersecurity Month. “And so the government needs to lean further forward in how we work with private companies, how we work with the public, how we work with our own systems and then we’re asking everybody, from the individual consumer all the way up to CEOs, to make cybersecurity a priority in everything that they do.”
She spoke with Federal News Network’s Jason Miller in recognition of the 14th annual National Cybersecurity Awareness Month. This year, strengthening the workforce is top of mind, she said. DHS will need a reliable pipeline of cybersecurity professionals and that starts with education.
Manfra said it matters that teachers and schools make it clear to students that cybersecurity is an available career path and that the tools exist for them to learn about it. She also said cybersecurity has to be part of an agency’s risk management strategy, and chief information and technology officers need to have access to their leadership.
Manfra said progress has been made but it requires thinking about risks from third parties, such as the procurement process, all the way up to chief information officers. Empowering CIOs with the tools they need, whether through continued diagnostics and mitigation or the National Cyber Protection System, is also critical, she said.
“I think the federal government has challenges much like a large corporation does, in thinking about cybersecurity,” she said on Federal Drive with Tom Temin. “It’s not something that you can delegate to a group of technical folks that you give a closet somewhere to go figure things out and hope that if you give them more money they’re going to solve it.”
In July, DHS said it would be standing up the National Risk Management Center to provide a single point of access for companies to talk to the agency about cyber attacks. This month, DHS is looking for specific measures which the federal government can undertake to make systems more secure without applying “limited resources to limited solutions,” Manfra said.
She said this month her office will see if staff need additional courses such as the Federal Virtual Training Environment. She wants to make sure CIOs and CFOs are aware of the tools already available.
And when it comes to high-value assets, Manfra said it’s best to ensure that mission owners are involved in risk decisions and have a sense of how cyber risks can impact their mission risks.
“We’ve been working on deploying some tools, whether that’s mapping their supply chain, helping them understand what that looks like or even just general ‘here’s what cybersecurity means,’” she said. “If you’re not in this space it can be a bit daunting and so helping folks who may not have a background in technology understand what this means, what we’re talking about, things like the [National Institute of Standards and Technology] cyber framework — what does that mean? How do you apply that to your mission?”