DHS to launch cyber sprints
- By Justin Katz
- Apr 01, 2021
The Department of Homeland Security will embark on a series of 60-day sprints to move forward on ransomware and cybersecurity workforce issues as well as the defense of industrial control systems, transportation systems and election infrastructure.
The first sprint will address ransomware, which “now poses a national security threat,” DHS Secretary Alejandro Mayorkas said at a March 31 virtual conference hosted by RSA. The sprint will include actions that help organizations lessen the risk of falling victim to an attack by engaging with industry and key partners, such as insurance companies, he said. When it comes to responding to ransomware attacks, “we will strengthen our capabilities to disrupt those who launch them and the marketplaces that enable them,” he said.
The sprint developing the government cybersecurity workforce, which will begin next month, will include a focus on diversity, equity and inclusion, Mayorkas said, promising to publish the agency's own diversity data.
"Beyond DHS, we will champion [diversity, equity and inclusion] across the cyber workforce of the entire federal government," he said.
A third sprint on industrial control systems security will begin this summer to look at some of the risks arising from the use of cyber-physical systems in water, electricity and natural gas infrastructure. Currently, different standards and regulatory authorities apply across industrial sectors.
"The cybersecurity incident at the water treatment facility in Florida last month was a powerful reminder of the substantial risks we need to address," he said.
Mayorkas also said the department is drafting a proposal to establish a cybersecurity response and recovery fund to provide assistance to state, local, tribal and territorial governments. He noted the Cybersecurity and Infrastructure Security Agency is continuing to fill state cybersecurity coordinator positions. CISA officials said at recent congressional hearings that they have filled approximately half of those posts so far.
DHS will also begin an awareness campaign focused on educating private industry about resources and services CISA has to offer as well as an expanded cybersecurity grant program to "facilitate and support the adoption of those services," Mayorkas said.
The hacking campaign against SolarWinds and new zero-day exploits found in Microsoft Exchange servers highlight vulnerabilities in the supply chain.
“While some risks are clearly associated with certain foreign companies and governments, we need a risk-based approach to ensure we address all systemic supply chain risks,” Mayorkas said. “Bearing in mind that 100% cybersecurity is not possible, this includes considering zero trust architectures where needed to reach the level of resilience required.”
Mayorkas also said that a coming executive order on cybersecurity will contain "nearly a dozen actions," designed to "improve in the areas of detection, information sharing, modernizing federal cybersecurity, federal procurement and federal incident response."
That order is expected to include a requirement that federal contractors disclose breaches of their systems to the government.
This article was first posted to FCW, a sibling site to GCN.
Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.