DHS Creates Cyber Risk Center to Protect High-Value Targets

NEW YORK – The Homeland Security Department is launching a national risk management center to tackle key cybersecurity priorities, including creating a registry of the nation’s digital “crown jewels,” Sec. Kirstjen Nielsen said Tuesday during a government cyber summit in New York.

The center will initially focus on the energy, telecom, health care and financial services sectors and will organize much of its work in a series of “90-day sprints” focused on particular national cyber priorities, Nielsen said.

That early sprint focused on cataloging the nation’s most vital digital assets mirrors work Homeland Security has been doing internally to focus greater efforts on protecting the most important government systems rather than protecting all systems equally.

Another key focus for the center will be helping protect industry supply chains from cyber threats, said Jeanette Manfra, a top Homeland Security cyber official.

The risk center will have a broader and longer-range focus than Homeland Security’s National Cybersecurity Communications and Integration Center, or NCCIC, which is the current point agency for cyber information sharing between government and industry, Manfra said.

By focusing on longer-range projects, such as the cyber risk registry and supply chain threats, the risk center will free up the NCCIC to focus on operational issues, such as alerting industry about new digital vulnerabilities and responding to breaches, Manfra said.

In some cases that may mean a company will have one representative at the NCCIC, working with Homeland Security on urgent operational issues, and another at the risk center, focused on big-picture goals, she said.

As a general framework, the center will focus first on figuring out if government agencies and the private sector agree about the cyber risks facing a particular sector and, second, on reaching agreement about how to counter those risks, she said.

The center will be initially comprised of staff pulled from elsewhere at Homeland Security and managed with existing funding, Manfra said.

Officials may seek more resources for the center during future budget cycles, she said, adding that Homeland Security didn’t want to wait on the congressional budget cycle before standing the center up.

Another key goal for the risk management center will be to make a stronger case to industry about the value of cooperating with government on combating cyber threats, said Chris Krebs, who leads Homeland Security’s cyber and infrastructure protection division.