The Homeland Security Department and Homeland Security Advisory Council are exchanging summer homework, respectively asking for recommendations for the presidential transition and a plan for coordinating cross-sector cybersecurity responses.
During the council’s June 2 meeting, DHS Secretary Jeh Johnson urged members to come up with suggestions for the agency’s transition plan by the council’s October meeting.
“Transition planning is well under way, but I would like to know in preparation for that [meeting], what this committee believes are some of the agenda items that are ongoing that the next administration should focus on in homeland security,” Johnson said. “Some of the things we’ve begun, some of the things we’ve been unable to complete, or some of the things that we — perhaps in all candor — should focus on where we haven’t. It’ll be a time of transition, it will be on everybody’s mind.”
HSAC’s Cybersecurity Subcommittee asked Johnson to focus the next version of the National Cyber Incident Response Plan (NCIRP) from DHS to include “cross- sector resilience.”
“We found that the readiness of individual lifeline sectors to meet the threat is very strong and improving quickly,” said Paul Stockton, co-chair of the subcommittee and managing director of Sonecon LLC. “The electricity subsector, financial services and communications, they’re doing well in terms of being able to handle direct threats to their own sectors. Where we need to make significant progress … is to build cross-sector resilience. That is the unmet challenge and the area where we have the furthest to make progress.”
The subcommittee provided a summary of its nine months of work to help DHS craft an improved response plan.
Stockton said that among the concerns is that cyber incidents are geographically unlimited. He also pointed out that unless malware is completely eradicated, there’s always a chance of a “re-attack,” and government leaders and industry need to find a way to communicate during an incident — even if the adversary has targeted digital communication like social media.
“I entirely support the approach of all hazards preparedness,” Stockton said. “We need structures to coordinate across government and with industry, we need common ways of coordinating our efforts regardless of the cause of an incident. Our findings are that cyber incidents are going to require different approaches within the overall common framework that are going to be very difficult to meet.”
Coordinating efforts, priorities
Christopher Boyer, assistant vice president for global public policy at AT&T spoke about the communication subsector recommendations.
He said the number one thing DHS can do for industry is finalize an NCIRP, that “literally gets into the who, what, when and where of how to respond to cyber attacks in terms of how the private sector partners with government.”
Boyer also recommended DHS adopt a cyber-communications scale, which would help industry understand what type of incidents cyber experts are looking for, and what response is required depending on the level of severity of an incident.
Russ Fitzgibbons, chief risk officer at The Clearing House, also stressed for the financial sector the importance of finalizing the NCIRP so that “the right people are sitting at the table, they understand their roles, their responsibilities and it is flexible enough to deal with whatever issue comes.”
Fitzgibbons also echoed the need for formalizing a crisis management and escalation process and ensuring it touches all sectors, and making sure to include stakeholders when it comes to cybersecurity planning and response.
Johnson’s request was part of his presentation to the council on his priorities for theroughly 200 days remaining of his term.
Johnson said his overarching priority continues to be management reform.
That means continuing the implementation of the department’s Unity of Effort initiative, as well as the joint task force for handling border security.
Johnson also said the employee viewpoint survey was out and early numbers showed a “significantly higher” participation rate than in 2015.
The secretary highlighted the reprogramming of $34 million for added overtime and faster hiring of new transportation security officers (TSOs) at airports. He said DHS is also asking Congress to reprogram an additional $28 million to change some part time TSOs to full time workers.