Dark Reading is part of the Informa Tech Division of Informa PLC


7/31/2018
04:00 PM

DHS Establishes Center For Defense of Critical Infrastructure

Center foundational to new government-led 'collective defense' strategy for sharing and responding to cyberthreats, DHS secretary says.

The US Department of Homeland Security has established a new National Risk Management Center to facilitate cross-sector information sharing and collaborative responses to cyber threats against critical infrastructure.

At a cybersecurity summit in New York City on Tuesday, DHS Secretary Kirstjen Nielsen described the center as the foundation of a new collective defense strategy led by the US government to respond more forcefully to threats against US interests in cyberspace. The center will bring together security experts from government — including those from intelligence and law enforcement agencies — and security experts from the private sector.

"We are facing an urgent, evolving crisis in cyberspace," Nielsen said in a keynote address to cybersecurity leaders from government, the private sector, and academia at the DHS-led summit. "Our adversaries' capabilities are outpacing our stove-piped defenses," to the point where virtual threats now pose an even bigger threat to national security than physical threats, she said.

Nielsen, a senior Trump Administration official, used the event to warn foreign adversaries against continuing hostile activities against US interests, noting that the country is fully prepared to take a range of deterrent actions to stop them. She pointedly called out Russia's cyberattacks on the US energy grid and its "brazen campaign" to interfere in the 2016 Presidential election as examples of hostile state-sponsored activity against the US.

"Our intelligence community had it right. It was the Russians," Nielsen said, referring to Russia's role in the US elections. "We know that. They know that. It was directed from the highest levels." Such attacks will not be tolerated going forward, she said.

The goal in establishing the new risk management center is to provide a focal point for information sharing between government and private industry as well as between organizations across different industry sectors.

Operators of critical infrastructure, most of whom are in the private sector, often have a lot of the threat information that must be pieced together for a more complete understanding of cyber threats. But because the data is siloed, government and the private sector have had a hard time putting cyber threats into proper context and understanding their full implications and effects, Nielsen said.

"The private sector can help us contextualize threats," she noted. "We will look to their expertise to help us understand how the pieces work together," in order to develop actionable responses to those threats.

Unlike previous attempts at fostering closer collaboration between government and the private sector, the new National Risk Management Center's mission is not just about enabling better information sharing. The center will also facilitate 90-day sprints, when organizations from different critical sectors will conduct joint tabletop exercises and other threat operations to identify common vulnerabilities.

Sprints for Security

The center will assemble a national risk registry that will identify and prioritize the most critical threats across industry so they can be remediated quickly. The first of the 90-day sprints will involve organizations from the energy, financial services, and communications sectors. Representatives attending the summit from these industries expressed support for the DHS plan.

"This was an obvious thing to do for a decade but it didn't happen," said John Donovan, CEO of AT&T Communications. Organizations that are in a defensive posture in cyberspace cannot rely on attacks and threats playing out exactly the way they might have prepared for them, he said.

In the future, "resilience is going to be a function of our ability to understand and share experiences," across sectors, he said. Each organization in critical infrastructure sectors has a piece of what it takes to solve a larger threat puzzle and true threat mitigation can happen only through collective information-sharing.

Tom Fanning, CEO of gas and electric utility Southern Company, said that previous tabletop exercises have shown big vulnerabilities exist at the points of intersection with other sectors. A collective approach to cybersecurity of the sort that is being enabled by the new risk center is vital because of the interdependencies between organizations in different sectors, he said.

"When we do our biggest tabletop exercises, one of the things we learn very quickly is that as resilient as we think we may be, we can always be better," he said.

A collective effort is also critical because attackers often are looking for the weakest link that provides a way to the strongest, said Ajay Banga, CEO of MasterCard. When an organization gets attacked, it does not always happen because the entity belongs to a specific industry, but because of the access they might provide to other organizations that are of interest to an attacker, Banga said.

But for truly collective defense to happen, government will need to change regulations to the point where organizations feel comfortable to say something if they see something without fear of legal repercussions, he said.


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
