DHS Launches Cybersecurity Agency, With Trump Signing Law
Department of Homeland Security Secretary Kirstjen Nielsen repeatedly cited the need for “relentless resilience” Friday, lauding launch of the Cybersecurity and Infrastructure Security Agency. President Donald Trump signed legislation Friday restructuring the National Protection and Programs Directorate into CISA, a new DHS agency.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
CISA will be “customer-focused by design,” Nielsen told a U.S. Chamber of Commerce event. She said public-private partnerships will let the U.S. “crowdsource” against nations like Russia and China, which are “deliberately targeting our critical infrastructure.” For the next week or two, DHS will draw up a two-year road map for the office, said National Protection and Programs Directorate Undersecretary Chris Krebs.
The DHS Information and Communications Technology Supply Chain Risk Management Task Force met for the first time Thursday to address supply chain threats. Industry isn’t collaborating with DHS to “waste its time,” Krebs said during a news conference at the event. DHS is focused on producing value from the data industry delivers, said Assistant Security-Office of Cybersecurity and Communications Jeanette Manfra. The agency isn’t feeding the data into a government black box, she said. Industry representatives called for tangible results stakeholders can benefit from.
“I don’t want this to be some philosophical exercise in discussing the supply chain problem,” said Information Technology Industry Council Vice President-Global Policy and Law John Miller. Companies have bought into the concept of industry and government officials working together in the same room, he said, and progress a year from now will be establishing the task force as a focal point for this public-private effort with proactive recommendations. USTelecom Senior Vice President-Cybersecurity Robert Mayer expects a concrete set of priorities within a year.
The task force will be similar to how the National Institute of Standards and Technology cybersecurity framework gathered existing practices and made them accessible to all stakeholders, said AT&T Assistant Vice President-Global Public Policy Chris Boyer. Transparency will be a byproduct of the partnership, said Microsoft Director-Cybersecurity Policy Jacob Crisp.
DHS wants to engage industry beyond asking for public comments, said DHS Cybersecurity Strategist Emile Monette, saying it won’t be engagement for engagement's sake. This isn’t just government or industry figuring out how to do this better, he noted, saying working together will “raise the whole tide.”
The cyber task force should “tackle the full spectrum of the cyber supply chain,” Cisco Chief Security Officer-Global Value Chain Edna Conway blogged Thursday: That includes people, equipment and processes. She recommended DHS’ task force identify “areas of potential impact;” prioritize “likelihood of occurrence and severity of impact;” establish “criteria for addressing impacts;” and deploy “a methodology for routine monitoring and adjustment to mitigate risk impacts.