At a cybersecurity summit in New York this week, Department of Homeland Security Secretary Kirstjen Nielsen sounded an alarm about the dangers posed to the U.S. by cyber attacks.
“Cyberattacks now exceed the danger of physical attacks… This has forced us to rethink homeland security,” Nielsen said.
During that meeting, Nielsen also announced the creation of a National Risk Management Center to protect the nation from online attacks. Also this week, Congress passed the annual National Defense Authorization Act, which addresses cybersecurity from the military side.
Bobby Chesney is professor and associate dean for academic affairs at the University of Texas School of Law, and director of the Robert S. Strauss Center for International Security and Law. He says foreign governments have already attacked the U.S. by attempting to hack into the electrical grid and other vital resources. Nielsen intends the new National Risk Management Center to be a key player in defending against such attacks. It will serve as a partnership between government and business.
“The basic idea is that this is going to be a focal point for DHS to assist in the protection of critical infrastructures in the United States, which is, of course, constantly under attack in terms of cybersecurity intrusions,” Chesney says.
Chesney says defending against cyberattacks is not a new idea, and it’s already being done. But the new entity within DHS will “focus bureaucratic efforts.” The challenge for a government-led effort is that some 85 percent of critical infrastructure is in the hands of the private sector, Chesney says.
“This country has a long and rich tradition of trying to keep the government out of monitoring traffic on private networks,” he says “and you can’t just have DHS say ‘hey we’re here to help. We’re going to have access to everything you’ve got in your private business information systems.’ So there’s a tension there.”
The government does have something to offer the private sector, Chesney says. For one thing, expertise for businesses that aren’t prepared for attacks on their systems. In an emergency situation, he says, DHS can provide information and guidance to those who need it. Finally, the agency can be a clearinghouse for information about attacks, sharing that data with all affected entities.
Chesney says the National Defense Authorization Act includes interesting provisions that could be more helpful in making cybersecurity progress than the DHS initiative.
“One of the provisions, which comes from former UT professor, and current junior senator from Nebraska, Ben Sasse, is known as the Cyber Solarium Commission,” Chesney says.
The group, which will also include both government and private sector leaders, will think strategically about existing and potential cyber threats.
Written by Shelly Brisbin.