NEW YORK CITY — Homeland Security Secretary Kirstjen Nielsen announced Tuesday the creation of a new office within the department tasked with thwarting cyberattacks from foreign adversaries on America’s critical infrastructure, including banks, energy, and other industries, a DHS official has confirmed to the Washington Examiner.
The National Risk Management Center was rolled out to chief executives from top private sector companies and several Cabinet officials, including Vice President Mike Pence, at a government summit on cybersecurity in lower Manhattan.
“This event is the first of its kind. Today we are coming together—government leaders, CEOs, academics, and cyber experts—to send a message to these online threat actors: Game over,” Nielsen said.
[More: Next ‘major attack’ on US likely to happen online, not ‘on an airplane,’ DHS secretary says]
“This week the Department of Homeland Security is launching the National Risk Management Center — an initiative driven by industry needs and focused on fostering a cross-cutting approach to defend our nation’s critical infrastructure,” she added. “It will employ a more strategic approach to risk management borne out of the re-emergence of nation-state threats, our hyperconnected environment, and our survival need to effectively and continually collaborate with the private sector.”
Following some skepticism over the White House’s level of concern over election security, the move is meant to show that the Trump administration is taking outside cyberthreats on infrastructure seriously, and that it is moving to protect nongovernment entities.
“Your threat is our threat,” DHS Under Secretary for the National Protection and Programs Directorate (NPPD), Christopher Krebs, told the crowd. “We’re not here to talk. We’re here to act … United we stand, divided we fall. It’s going to take a collective defense model to enhance national cybersecurity.”
NRMC was developed to bridge the communication gap and implement a risk management approach between the government and private sector companies that have been affected and could be the target of future cyberattacks.
In 2017, hundreds of thousands of computers in more than 150 countries were infected with the WannaCry ransomware virus. The U.S. identified North Korea as the culprit behind the attack, which hurt healthcare and telecommunications industries.
“We are replacing complacency with consequences. To deter bad behavior, you have to punish it. And we cannot wait for ‘the big one,'” said Nielsen. “For far, far too long we have lacked a single focal point to bring government agencies and industry together to assess the digital dangers we face — and to counter them … a place where analysts and network defenders can address these risks together.”
DHS said part of the problem leading up to today has been a failure to see the whole picture, just certain players in the game.
“Critical infrastructure protection efforts have too often been focused on assets and organizations while missing some of the underlying services and functions, which can underestimate the importance of sector-wide and cross-sector risks and dependencies,” DHS said in a statement.
The office will oversee all cross-sector risk management activities and serve as the first point of contact for companies who have been attacked and need to alert the government.
NRMC’s first point of business is identifying “what is truly critical” to protect, developing methods for both sectors to guard them, and then creating a specific approach to how threats are handled.
