The Department of Homeland Security (DHS) will create a National Risk Management Center that will focus on protecting critical infrastructure from cyberattacks.
At the National Cybersecurity Summit in New York City on July 31, 2018, the Department of Homeland Security announced the creation of the National Risk Management Center (Center), a new component of DHS's cyber operations. The Center will work directly with federal government and private sector partners to protect infrastructure such as banking, energy and election systems from cyberattacks. The Center will seek to:
- identify and prioritize strategic risks to national critical functions;
- integrate government and industry activities on the development of risk management strategies; and
- synchronize operational risk management activities across industry and government.
The Center will be a continuation of existing efforts by DHS to protect critical national infrastructure and will work closely with the National Cybersecurity and Communications Integration Center (NCCIC), which was established in 2009. The NCCIC will remain DHS's central hub for sharing threat indicators and providing incident response services. The Center will focus on understanding what threats are truly critical to private companies and the ways in which various public and private entities can communicate more effectively to reduce risk.
During her remarks at the summit, DHS Secretary Kirstjen Nielsen indicated that the creation of the Center was a response to the increasing threat of cyberattacks from foreign actors. Ms. Nielsen referenced Russian interference in the 2016 election and stated that cyberattacks posed a greater risk to national security than physical attacks.
DHS also announced the creation of a task force to be housed within the Center called the Information and Communications (ICT) Supply Chain Risk Management Task Force. The ICT Task Force will recommend solutions for identifying and managing risk within the global supply chain through policy initiatives and public-private partnerships.
At the summit, Secretary Nielsen compared combatting a cyber threats to solving a puzzle. The private sector brings to the table data about trends, implications and effects of an attack on businesses, while the public sector provides intelligence information that can be crucial to identifying the origin of the attack. The National Risk Management Center will focus on engaging both perspectives in hopes of bolstering critical infrastructure systems.
The success of the ITC Task Force, and the Center more broadly, may ultimately depend on buy-in from businesses in the private sector. While companies appear to be interested in receiving information regarding potential cyber threats from the government, some remain reluctant to share information with the government for fear of increased exposure to liability. The Center is an indication from the federal government that it recognizes the benefits to be gained from public-private partnerships.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.