A special to USLAW NETWORK and USLAW DigiKnow
By Karen Painter Randall, Connell Foley LLP, Roseland, New Jersey
On July 31, 2018, the Department of Homeland Security (DHS) hosted a summit in New York City where members of both the public and private sectors came together to discuss the protection of critical national infrastructure. Noteworthy attendees included Vice President Mike Pence and FBI Director Mike Wray, who along with other members of government and representatives from a variety of industries, sought to produce a vision of collective defense to combat active threats to national critical functions and infrastructure.
At the summit, DHS Secretary Kirstjen Nielsen announced the creation of the National Risk Management Center, which will facilitate the national cybersecurity efforts this summit sought to encourage. Such efforts include: (1) identifying and prioritizing strategic risks to national critical functions; (2) integrating government and industry activities on the development of risk management strategies; and (3) synchronizing operational risk management activities across the private and public sectors. The Center also seeks to advance collaborative efforts beyond information sharing, and instead produce a common understanding of what constitutes a risk. The goal is to create joint action plans to allow critical services and functions to continue operating without pause in the constantly evolving realm of threats. The Center will work with the National Cybersecurity and Communications Integration Center (NCCIC) to ensure effective coordination between risk management and tactical operations, according to the press release from the DHS.
Secretary Nielsen also revealed the formation of the Information and Communications (ICT) Supply Chain Risk Management Task Force, which pairs subject matter experts from both sectors to examine and develop recommendations for actions to deal with challenges faced by the global information and communications technology supply chain and related third-party risks. Moreover, Secretary Nielsen announced DHS’s desire to further improve the timely sharing of actionable cyber threats through the Automated Information Sharing program (AIS). The ambition, she stated, is to produce an updated platform in the fall. Lastly, in his closing address, Vice President Pence lauded the critical role the summit played in furthering the current administration’s focus on cybersecurity. He also called for the U.S. Senate to enact legislation to create the Cybersecurity and Infrastructure Security Agency before the end of the year.
Taken as a whole, the topics covered at the Summit show a great deal of promise for improved security of the nation’s critical infrastructure; but more generally, it demonstrates that cybersecurity is now squarely in the forefront of the executive branch of the United States government. The creation of a federal cybersecurity agency may simplify issues surrounding the appropriate response to breach, as rarely is a cybersecurity threat intra-jurisdictional. As such, a centralized federal agency may help organizations that face multijurisdictional cybersecurity concerns.