Attacks/Breaches

7/31/2018
04:00 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
100%
0%

DHS Establishes Center For Defense of Critical Infrastructure

Center foundational to new government-led 'collective defense' strategy for sharing and responding to cyberthreats, DHS secretary says.

The US Department of Homeland Security has established a new National Risk Management Center to facilitate cross-sector information sharing and collaborative responses to cyber threats against critical infrastructure.

At a cybersecurity summit in New York City on Tuesday, DHS Secretary Kirstjen Nielsen described the center as the foundation of a new collective defense strategy led by the US government to respond more forcefully to threats against US interests in cyberspace. The center will bring together security experts from government — including those from intelligence and law enforcement agencies — and security experts from the private sector.

"We are facing an urgent, evolving crisis in cyberspace," Nielsen said in a keynote address to cybersecurity leaders from government, the private sector, and academia at the DHS-led summit. "Our adversaries capabilities are outpacing our stove-piped defenses," to the point where virtual threats now pose an even bigger threat to national security than physical threats, she said.

Nielsen, a senior Trump Administration official, used the event to warn foreign adversaries against continuing hostile activities against US interests noting that the country is fully prepared to take a range of deterrent actions to stop them. She pointedly called out Russia's cyberattacks on the US energy grid and its "brazen campaign" to interfere in the 2016 Presidential election as examples of hostile state-sponsored activity against the US.

"Our intelligence community had it right. It was the Russians," Nielsen said, referring to Russia's role in the US elections. "We know that. They know that. It was directed from the highest levels." Such attacks will not be tolerated going forward, she said.

The goal in establishing the new risk management center is to provide a focal point for information sharing between government and private industry as well as between organizations across different industry sectors.

Operators of critical infrastructure, most of who are in the private sector, often have a lot of the threat information that must be pieced together for a more complete understanding of cyber threats. But because the data is siloed, government and the private sector have hard a hard time putting cyber threats into proper context and understanding their full implications and effects, Nielsen said.

"The private sector can help us contextualize threats," she noted. "We will look to their expertise to help us understand how the pieces work together," in order to develop actionable responses to those threats.

Unlike previous attempts at fostering closer collaboration between government and the private sector, the new National Risk Management Center's mission is not just about enabling better information sharing. The center will also facilitate 90-day sprints, when organizations from different critical sectors will conduct joint tabletop exercises and other threat operations to identify common vulnerabilities.

Sprints for Security

The center will assemble a national risk registry that will identify and prioritize the most critical threats across industry so they can be remediated quickly. The first of the 90-day sprints will involve organizations from the energy, financial services, and communications sectors. Representatives attending the summit from these industries expressed support for the DHS plan.

"This was an obvious thing to do for a decade but it didn't happen," said John Donovan, CEO of AT&T Communications. Organizations that are in a defensive posture in cyberspace cannot rely on attacks and threats playing out exactly the way they might have prepared for them, he said.

In the future, "resilience is going to be a function of our ability to understand and share experiences," across sectors, he said. Each organization in critical infrastructure sectors has a piece of what it takes to solve a larger threat puzzle and true threat mitigation can happen only through collective information-sharing.

Tom Fanning, CEO of gas and electric utility Southern Company, said that previous tabletop exercises have shown big vulnerabilities exist at the points of intersection with other sectors. A collective approach to cybersecrity of the sort that is being enabled by the new risk center is vital because of the interdependencies between organizations in different sectors, he said.

"When we do our biggest tabletop exercises, one of the things we learn very quickly is that as resilient as we think we may be, we can always be better," he said.

A collective effort is also critical because attackers often are looking for the weakest link that provides a way to the strongest, said Ajay Banga, CEO of MasterCard. When an organization gets attacked, it does not always happen because the entity belongs to a specific industry, but because of the access they might provide to other organizations that are of interest to an attacker, Banga said.

But for truly collective defense to happen, government will need to change regulations to the point where organizations feel comfortable to say something if they see something without fear of legal repercussions, he said.

Related Content:

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Most IT Security Pros Want to Change Jobs
Dark Reading Staff 10/12/2018
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.