Advanced SOC Operations / CSOC , Governance & Risk Management

DHS Seeks to Be More Active in Agencies' Cyber Defense

Top Cybersecurity Official Tells Lawmakers Election Security Is His No. 1 Priority
DHS Seeks to Be More Active in Agencies' Cyber Defense
Witnesses being sworn-in before a House cybersecurity panel.

The Department of Homeland Security is seeking to play a more active role in responding to cyber incidents at other U.S. federal agencies.

See Also: The SOC Manager’s Guide to Automating the Full Threat Detection and Response Workflow

Jeanette Manfra, DHS assistant secretary for cybersecurity and communications, told a House panel Tuesday that the department's involvement in responding to last year's breach of the Securities and Exchange Commission's EDGAR electronic filing system was minimal, but she suggested that approach will change.

"We had very limited involvement with the SEC; it did not request a follow on assistance for response," Manfra testified before the House Homeland Security Cybersecurity and Infrastructure Protection Committee. She said the SEC alerted DHS of a cyber incident last Nov. 3.

Manfra said the limited DHS activities performed in SEC's and other agencies' breach mitigations and responses has prompted the department to review procedures to more clearly define its role in aiding other executive branch agencies. "If we're looking at specific critical services and functions, then the department needs to have a more active role in that response regardless of whether an agency requested it," she said.

DHS, the federal agency that coordinates cybersecurity among civilian government agencies and the nation's mostly privately operated critical infrastructure, has come under criticism for the lax nature of IT security at federal agencies. The subcommittee's chairman, Rep. John Ratcliffe, R-Texas, cited a recent Governmental Accountability Office report that showed only seven of 24 major federal agencies met standards for cybersecurity controls established by the National Institute of Standards and Technology. "That doesn't sound very good," Ratcliffe said.

Identifying Security Gaps

Manfra acknowledged that DHS, through the deployment of the continuous monitoring and diagnostics program and the department's engagement with the White House Office of Management and Budget to measure agencies' cybersecurity efforts, has identified significant IT security gaps. She said that the knowledge garnered from these initiatives has helped DHS build technical assistance to furnish agencies with more in-depth insight into their networks and provide them with a greater level of assistance on engineering and governance, even with limited resources.

Continuous monitoring and diagostics furnishes agencies with tools that identify cybersecurity risks on a continuing basis, prioritize these risks based on potential impacts and enable cybersecurity personnel to mitigate the most significant problems first.

"We do see a lot of potential for CDM, with the ability to deliver tools at a lower cost across agencies, and this is the first time that many agencies had access to this level of automated data to understand what is on their network," Manfra said. "We see a lot of potential for this, but for many agencies, there's a lot of capabilities that have to dealt with, and we're continuing to take advantage of things like shared services [and] more capability from DHS to [help] agencies who need it most."

Prioritizing Election Security

Also at the hearing, DHS's top cybersecurity policymaker, Christopher Krebs, told lawmakers that securing America's electoral systems is his No. 1 priority.

Krebs, who's title is senior official performing the duties of the undersecretary of the National Protection and Programs Directorate - DHS's cybersecurity arm - revealed that last week he established an election task force within the directorate. Previously, such responsibilities were found within the directorate's Office of Infrastructure Protection. "We're elevating it as a task force, bringing components from across DHS, including the Office of Intelligence Analysis, and resourcing it appropriately," he said. "We're pulling the resources together in a recognition that we don't have a lot of time, given that there are three elections this year."

In addition, he said, DHS is establishing an Election Infrastructure Subsector Government Coordinating Council with federal, state and local partners to develop information sharing protocols and guidance on the nation's election infrastructure that the states run. "If we can't do this right - if we can't dedicate every single asset that we have to assisting our state and local partners - then, frankly, I'm not sure what we're doing day to day, he said.

Still, Krebs conceded that DHS needs to develop stronger relationships with state election officials. He said DHS works closely with states' homeland security advisers, CIOs and CISOs. "But to square the circle on this specific threat, we need to develop partnerships that are three or four legs on the stool within each specific state," Krebs said. "How to improve relationships? It will take a lot of effort and a little bit of time."

Undermining Trust

But the ranking Democrat on the subcommittee, Rep. Cedric Richmond, D-La., expressed some skepticism about DHS efforts to collaborate successfully with state election officials.

"DHS has struggled to build some of the relationships necessary to executing its election security mission," Richmond said in his opening remarks. "Although I have heard that DHS is making process in this regard, I am concerned mistakes made notifying certain secretaries of state that their election infrastructure had been targeted - though it had not been - may have undermined the trust DHS has sought to build."


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.