Fresh off the debut of the Department of Homeland Security’s new cybersecurity strategy, Jeanette Manfra outlined how the agency is collaborating with the private sector to help safeguard the nation’s most essential functions from cyberattacks.
The assistant secretary for the Office of Cybersecurity and Communications said that DHS and its cyber component, the National Protection and Programs Directorate, were working to identify and protect key areas designated as “national critical functions.”
“Those are things like a stable financial system, the ability to have clean water, the ability to have electricity and now, the ability to have communications,” Manfra said Tuesday at the Security Through Innovation Summit presented by McAfee and produced by FedScoop and CyberScoop. “All of these systems need to be stable, they need to be resilient, they need to be secure.”
DHS is working with industry partners to identify the providers of those critical functions — especially in interconnected fields like the financial sector — and build a “mutual understanding” that allows the agency to share information with industry and alert providers when they may face cyberthreats, Manfra said.
“The increasing level of specificity that we can get to, the better the government will be able to position our intelligence collection resources, et cetera, to be able to provide those alerts and warnings,” she said.
Information sharing with the private sector has been the cornerstone of the government’s plan to protect critical infrastructure industries, including DHS’s and U.S. Cyber Command’s collaboration with financial institutions on an operation called “Project Indigo.”
Manfra said that DHS is working to build a system that both identifies risk and facilitates information sharing both to and from critical function providers.
“If the government has the ability to gather information that would help an entity or group of entities ideally prevent something happening significant, then we need to have the mechanisms in place to be able to do that,” she said. “It starts with that first identification of risk.”
From there, Manfra said that both the public and private sectors should identify where the vulnerabilities lie in their critical infrastructure systems and coordinate how to better scale the disclosure process.
Combined with more inclusion of automation in cybersecurity operations, Manfra said the information DHS is providing to the private sector could prove essential to fortifying their network protections.
“The concept of companies being able to trust DHS enough to automate their defenses against the feeds that we are sending them, it’s not a simple thing,” she said. “We know that we are asking a lot. We’ve made a lot of progress in getting to people to join.”
But to ensure that the feeds don’t drown private security operations centers, DHS is also taking a deeper look at the analysis it does and the products it will offer to ensure to can streamline how companies can identify threats.
Manfra said ungirding these efforts is a deeper collaboration with industry to develop long-term strategies.
“We need to ensure we have that strong voice in those types of forums,” she said. “We need to ensure that we are working with our partners across the world. We have to find a way to continue to work together to ensure that the stability of the global is maintained.”