On July 31, the Department of Homeland Security (DHS) hosted the first-of-its-kind National Cybersecurity Summit in New York City, bringing together industry partners and top federal officials with the goal of laying out a vision for a collective defense strategy to protect our nation’s critical infrastructure. The summit brought together Vice President Mike Pence, Secretary Kirstjen M. Nielsen, Secretary of Energy Rick Perry, Federal Bureau of Investigation Director Christopher Wray, and Commander, U.S. Cyber Command and Director, National Security Agency General Paul M. Nakasone, DHS Under Secretary Chris Krebs, U.S. Secret Service Director Randolph Alles, and DHS Assistant Secretary Jeanette Manfra, alongside top CEOs from across industry including the telecom, financial, and energy sectors.
“We are not waiting for the next intrusion before we act,” said DHS Secretary Kirstjen Nielsen. “We are taking a clear-eyed look at the threat and taking action—and notably—collective action to combat them.”
Throughout the Summit, DHS and its government and industry partners agreed on a series of concrete steps to better understand what is truly critical and work together to reduce strategic risk.
Secretary Nielsen announced the creation of the National Risk Management Center, which will coordinate national efforts to protect the nation’s critical infrastructure.
The National Risk Management Center will create a cross-cutting risk management approach across the federal government and our private sector partners through three lines of effort:
- Identifying and prioritizing strategic risks to national critical functions;
- Integrating government and industry activities on the development of risk management strategies; and
- Synchronizing operational risk management activities across industry and government.
The National Risk Management Center advances the ongoing work of DHS and government and private sector partners to move collaborative efforts beyond information sharing and develop a common understanding of risk and joint action plans to ensure our nation’s most critical services and functions continue uninterrupted in a constantly evolving threat environment. The Center will work closely with the National Cybersecurity and Communications Integration Center (NCCIC), which will remain DHS’s central hub for cyber operations focused on threat indicator sharing, technical analysis and assessment services, and incident response. The two centers will work hand-in-hand to ensure effective coordination between strategic risk management and tactical operations.
The Department also unveiled the formation of the Information and Communications (ICT) Supply Chain Risk Management Task Force, which will be comprised of subject matter experts from industry and government. The Task Force will be housed in the Center and will examine and develop recommendations for actions to address key strategic challenges to identifying and managing risk associated with the global information and communications technology supply chain and related third-party risk. The Task Force is intended to focus on potential near- and long-term solutions to manage strategic risks through policy initiatives and opportunities for innovative public-private partnership.
Secretary Nielsen also discussed DHS’ ongoing commitment to improving the nation’s cybersecurity posture through the timely sharing of actionable cyber threat indicators via the free Automated Information Sharing (AIS) program. DHS has prioritized working with industry to identify improvements to AIS and will roll out an updated platform in the fall with upgraded capabilities to improve our collective defense. These improvements are based on feedback received from industry and will include additional context and improved feedback mechanisms to be more relevant and meaningful to users.
In his closing keynote address, Vice President Pence highlighted the Administration’s focus on cybersecurity and the critical role this summit played in moving forward with these efforts. Vice President Pence also called on the U.S. Senate to enact legislation to create the Cybersecurity and Infrastructure Security Agency before the end of the year.
At the summit, a diverse group of more than twenty CEOs from some of the largest companies in the world and senior-most government officials convened specifically to discuss cybersecurity and critical infrastructure risk management. They were joined by hundreds of others from across a wide range of industries. The Department will continue to lead the federal government’s efforts for an integrated, cross-sector approach to protect our nation’s critical infrastructure from the growing cyber threat.