Launch of DHS cyber agency ‘more of a groundbreaking than a ribbon-cutting’

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

The Department of Homeland Security finally secured a name change for its cybersecurity-focused branch, but more importantly, its chief has laid out a two-year roadmap to bring it up to “full operating capability.”

President Donald Trump on Friday signed the bill that would rebrand DHS’ National Protection and Programs Directorate (NPPD) as the Cybersecurity and Infrastructure Security Agency (CISA).

Advertisement

Chris Krebs, the director of CISA, speaking at a U.S. Chamber of Commerce event in Washington, said the bill-signing amounted to “more of a groundbreaking than a ribbon-cutting,” and hinted at a two-year roadmap, dubbed CISA 2020, that outlines steps the agency will take to reach full maturation.

“I kind of see us as a 14-year startup organization,” Krebs said. “We have a number of processes that need to be mature. In fact, there’s been a little analysis by paralysis in the organization over a couple of years. This operationalizing the agency, this transformation was always just over the horizon, there weren’t historical investments made to really give us the business processes that we need.”

Over the past year, DHS has ramped up its efforts to improve information sharing efforts with the private sector, which owns a majority of the national critical infrastructure.

This summer, DHS launched its National Risk Management Center, which aims to engage industry on protecting that critical infrastructure. It stood up the NRMC by reconfiguring its existing Office of Cyber and Infrastructure Analysis.

“We shifted a 140-person organization in under three months into something that was delivering immediate value with the supply chain task force, with the pipeline security initiative, with the national critical functions initiative,” Krebs said. “That’s three tangible signs of progress in just a matter of months.”

DHS Secretary Kirstjen Nielsen on Friday said the launch of the NRMC helps address a “rapidly evolving threat landscape” that has “opened cracks in our defenses.”

“You all, the critical infrastructure community, deserve a federal ecosystem that has the resources, authorities and mission alignment to enable effective and lasting partnerships,” Nielsen said. “The stakes are simply too high to do it any other way.”

Going forward, Krebs said CISA looks to be transparent with its outreach to the private sector.

“We’re going to be transparent about the threat, and we’re going to be transparent about the things we’re doing together to counter that threat,” he said. “It does us no good if we’re hiding the ball and we’re not sharing the game plan. We’re not the intelligence community.”

But on the other hand, CISA also expects buy-in from the sectors it’s engaging with.

“My team is not going to build a solution that’s 90 percent done and then present it to our stakeholders and say ‘Here you go, what do you think?’ We’re going to come to you — we’re going to to go the critical infrastructure community first and ask, ‘What do you need? What do you need us to do? Let’s go build this thing together. Help me understand where the gaps in the market are? Where are the market failures?’ Let’s work those things together,” Krebs said.

Jeanette Manfra, CISA’s assistant director for cybersecurity and communications, said she’d like her agency to take a closer look at the federal procurement of IT services and products, with a direct look at the supply chain risks.

“We think we’re thinking big, strategic and tactical all at the same time,” Manfra said. “I think too often, when we talk about supply chain, we skirt some of the really hard conversations. But I think already, we’ve sort of said, ‘Look, this is what the government thinks. Are we right? Are we wrong?’ I know I’ve learned a lot just in the past year about the reality of all the good things that actually are already going on that maybe the government wasn’t aware of. And on the flip side, I think the government being more transparent about the information that we have access to in getting that to you all can really be helpful.”