The Department of Homeland Security is rolling out a series of 60-day cybersecurity-focused sprints as part of the Biden administration’s broader response to cyber threats.
DHS Secretary Alejandro Mayorkas said the White House is working on nearly a dozen actions as part of an upcoming cyber-focused executive order. The order will be focused around improving threat detection, information sharing, federal procurement and speeding up agencies’ response to cyber incidents.
Mayorkas said each cyber sprint has a dedicated action plan within DHS, builds off existing agency efforts and focuses on knocking down interagency roadblocks for cyber response. He outlined the following six cyber sprints:
“DHS must lead by example. We must have our own house in order before we can expect others to heed our advice. We must model what effective partnerships look like, we must ensure our own workforce is reflective of the communities we serve,” Mayorkas said at Wednesday’s RSA Conference.
To motivate the next generation of cyber talent to consider government service, Mayorkas said DHS is partnering with the Girl Scouts to expand cyber education, and the agency is making diversity, equity and inclusion a greater part of its recruitment work.
“Diversity, equity and inclusion is more than an initiative, it’s a core value. It’s a reflection of who we are and who we need to be,” he said.
Mayorkas also outlined four medium-term cyber priorities for his tenure. Agencies, he said, must “build back better” in the aftermath of the SolarWinds compromise, and embrace zero-trust architectures to make systems more resilient. However, Mayorkas acknowledged this work will require long-term investment.
“This cannot be done in a sprint, as it will take months or even years to fully implement,” he said.
Other medium-term priorities include strengthening supply chain security and improving the integrity and resiliency of election infrastructure.
Mayorkas added that DHS is also focused on work beyond the “crisis of the day,” and looking to address “strategic, on-the-horizon issues” like encryption that can withstand advances in quantum computing
To maximize CISA’s trust and reputation with industry partners, Mayorkas said DHS is launching an awareness campaign to ensure private companies understand the tools available under CISA. DHS is also launching an expanded cybersecurity grant program to support the adoption of these services.
Mayorkas said he considers CISA the “quarterback” for the federal cyber response, echoing an analogy made recently by House Homeland Security Committee Ranking Member John Katko (R-N.Y.)
However, CISA also works closely with federal law enforcement agencies that prosecute cybercriminals and the intelligence community, which focuses on how adversaries plan to orchestrate cyber-attacks on U.S. networks.
“We know that even the best quarterback can’t win a game alone,” Mayorkas said.
The agency will also work with a Senate-confirmed nation cyber director that Congress mandated in the 2021 National Defense Authorization Act. The Biden administration, however, has yet to nominate anyone for the position.
Chairman of the House Armed Services Committee’s emerging threats and capabilities subcommittee Jim Langevin (D-R.I.) said Mayorkas has elevated the profile of CISA and its workforce as the “lynchpin of his cybersecurity agenda.”
Langevin, a member of the Cyberspace Solarium Commission, which recommended Congress authorize new capabilities for CISA, said he’ll work to ensure that CISA receives adequate funding in the 2022 spending bill to support its added responsibilities.
“I am glad the Secretary shares my expanded vision for CISA as it matures, a vision that encompasses understanding and mitigating risk across critical infrastructure sectors and federal networks. I look forward to working with him to turn that vision into reality,” Langevin said.