On February 25, 2021, Secretary Mayorkas spoke at the final round of the 2nd Annual President’s Cup Cybersecurity Challenge. His prepared remarks are below:
Good afternoon, I’m Alejandro Mayorkas, Secretary of Homeland Security. It is an honor to be here today to kick off and celebrate the final round of the President’s Cup Cybersecurity Competition hosted by CISA, the Department’s Cybersecurity and Infrastructure Security Agency.
First of all, congratulations for making it to the final round! Now in its second year, this competition is a great example of our commitment to identify, challenge, and reward the best cyber talent in the federal government and U.S. military.
This competition is designed to meet challenges that reflect reality, because the threats facing our nation today are more complex, and the threat actors more sophisticated, than at any point in our history.
As the threat landscape evolves, we know that our approach to cybersecurity must continue to evolve, as well. Identifying, developing, and retaining cyber talent is crucial to achieve this goal and to secure our most critical infrastructure and functions.
It brings me great pride to know that there are such skilled, talented, and diverse cybersecurity defenders and cyber-operators across the federal government and U.S. military. We are going to need your knowledge and skills to move our country’s cybersecurity forward. As you will see during the livestream broadcast, our competitors are the best of the best.
Your talent is needed to advance the President’s commitment to elevate cybersecurity as a top priority across the government, strengthen partnerships with the private sector, and expand our investment in infrastructure and people.
Earlier this week, I outlined some initial steps that our Department is taking to implement the President’s commitment.
I am delighted to announce today that we are increasing the required minimum spend on cybersecurity via FEMA grant awards from 5% to 7.5%, an increase of $25 million across the country.
We are also evaluating and implementing additional capabilities, including potential new grant programs, through CISA to support state and local authorities because the nation’s cybersecurity is only as strong as its weakest link.
Let me briefly outline why this is so important:
Cybersecurity is not only about protecting the federal government. This is certainly a top priority, especially now in the wake of the ongoing cyber campaign, and the Department will continue to prioritize the ongoing efforts to mitigate the impact of the breaches and to be better prepared in the future. But cybersecurity is also about protecting critical infrastructure across the country and protecting the American people.
We are currently fighting not only the COVID19 pandemic, but also an epidemic that is spreading through cyberspace: ransomware. Criminals and nation-state actors alike have paralyzed cities across the country – from Atlanta to Baltimore – as well as several dozen police and sheriffs’ offices such as in Fisher County, Texas. Genesee County, Michigan, which includes the town of Flint, was hit by ransomware two years ago paralyzing the county’s tax department for weeks.
Ransomware – like most cyber attacks – exploits the weakest link. In addition to disrupting city governments, schools, and companies, ransomware has also been disrupting hospitals and health care facilities who are already strained going above and beyond the call of duty during this ongoing crisis.
Last October, CISA, together with other government agencies, warned of the growing threat of ransomware targeting the healthcare and public health sector. Previous ransomware attacks illustrate the risk to COVID-19 vaccine deployment efforts that depend on key production and logistics facilities.
Let us be clear: ransomware is not new. It has been around for years. What is new is the evolution of attackers’ methods, namely their ability to make money from it, and the increased frequency of these attacks.
Tackling ransomware and protecting the weakest link will require partnering with state, local, tribal, and territorial governments and private sector entities across the country. This cross-sector collaboration is the hallmark of DHS’s approach to cybersecurity. Earlier this month, for example, CISA launched its “Reduce the Risk of Ransomware” Campaign to encourage public and private sector organizations to take action to mitigate ransomware risk.
With respect to the money part, DHS will follow the adage ‘follow the money’ and leverage the U.S. Secret Service, through its Cyber Fraud Task Forces, to respond to ransomware incidents, arrest those that engage in this criminal activity, and work with other agencies to counter this threat.
This approach illustrates my vision to (1) further empower DHS to effectively execute its mission to lead federal efforts to mitigate cybersecurity risks to the United States, (2) serve as the government’s interlocutor with the private sector on cybersecurity, and (3) expand its investment in the infrastructure and people required to defend against malicious cyber-attacks as part of a whole-of-government effort.
To advance this vision, I will soon be announcing a series of “cybersecurity sprints” to mobilize action in specific priority areas. Building on the example of the 30-day Cybersecurity Sprint in 2015 that effectively mobilized stakeholders across government to improve federal network security, these sprints will be calls to action to make tangible progress in key areas. To start, we will be developing an initial set of sprints dedicated to combatting ransomware, building a deep and diverse cyber workforce, and urgently improving the security of our nation’s industrial control systems.
CISA plays the central role in this vision. CISA led the national effort to secure the 2020 election, including by sharing timely cybersecurity information with state, local, tribal, and territorial election officials across the country and collaborating with federal government and private sector partners. CISA has and will continue to provide incident response assistance to entities impacted by a cyber intrusion and will facilitate shared cybersecurity services that can be used by federal civilian agencies and state, local, tribal, and territorial governments to rapidly improve cybersecurity capabilities.
Last December, Congress, through the National Defense Authorization Act, further empowered CISA to execute its mission to secure federal civilian government networks and our nation’s critical infrastructure from physical and cyber threats. This includes new authorities for CISA to “hunt” for cyber threats in federal agency networks and more effectively identify vulnerable technologies used by critical infrastructure sectors.
Looking ahead, it will be critical to ensure that CISA has the resources and capacity to effectively implement its existing and new authorities.
Beyond CISA, DHS also plays a crucial role in increasing the cybersecurity across the transportation sector, from aviation to rail to maritime to pipelines
through the U.S. Coast Guard and Transportation Security Administration. The U.S. Secret Service and ICE’s Homeland Security Investigations combat 21st century crimes – many of which are cyber-enabled. For example, in 2020 alone, the Secret Service responded to 539 network intrusions, arrested over 1,000 people for cyber-financial crimes, and seized over $140 million in assets.
Our cybersecurity cannot be advanced in a vacuum. It takes talented people like you. Building a more robust cybersecurity workforce is the linchpin for this vision to succeed. Computers run code, but people still run computers – for now at least.
We need to expand the pool of cyber talent with the skills to write secure code, defend our networks, respond to incidents when they occur, and protect our critical infrastructure from cyber attacks.
To build a more robust cybersecurity workforce, we must ensure a more diverse, equitable, and inclusive cybersecurity workforce. A workforce that reflects America. With diversity comes more diverse perspectives that help inform better policy- and decision-making. It also allows us to maximize the full potential that the people of this nation have to offer and to fill the half million cyber vacancies across America.
Weaving diversity, equity, and inclusion into the fabric and cyber activities of the Department will therefore also be our priority. At CISA, a third of its workforce represents minorities, slightly over a third are women, and two out of five are veterans. We will continue to make strident and concerted efforts to integrate DEI into our talent recruitment, development, and retention efforts and position the Department as a top choice employer among those who are seeking a career in cybersecurity and infrastructure protection.
As we look ahead, we remain committed to working with our public and private sector partners as we defend today, and secure tomorrow.
Today’s competition is proof of this commitment. The competition started in August 2020 with over with 249 teams and more than 1,400 individual competitors across the federal government and military.
I look forward to the outcomes of final round competitions today and hope many of you will compete again in the Cup next year. Throughout this competition, remember that we are all in this together. Remember that we are only as strong as our weakest link.
Good luck to today’s final participants and thank you again for your service.