DHS makes right moves to bolster cybersecurity

This piece by General Frank Taylor originally appeared in The Hill, August 2, 2019

If there is one thing that was learned from the 2016 presidential election, it is that protecting our election infrastructure cannot be only a passive decision. There is a need to be proactively assessing our environment to ensure that we are implementing the cybersecurity features that fortify our systems and, ultimately, our American democracy. This is where the Cybersecurity and Infrastructure Security Agency comes into full play.

The Cybersecurity and Infrastructure Security Agency was inaugurated in 2018 as a component within the Department of Homeland Security. Its primary objectives are to lead cybersecurity efforts across the federal government and to work with the critical infrastructure community to help protect their networks. But it was not conceptualized solely on the basis of Russian interference. The evolving concerns that the Cybersecurity and Infrastructure Security Agency plans to prioritize as it is now entering its second year include supply chain, 5G networks, and election security.

Standing up the Cybersecurity and Infrastructure Security Agency last fall, an effort that was started by the Obama administration but realized by President Trump, has signaled cybersecurity as a priority deserving of greater resources. Top Department of Homeland Security officials had been championing the decision, advocating that the creation of the Cybersecurity and Infrastructure Security Agency was necessary for streamlining its goals. It is able to act more independently, like how the Federal Emergency Management Agency operates, so barriers to decision making are eliminated, and responses are more efficient and successful.

Under the leadership of Chris Krebs, the Cybersecurity and Infrastructure Security Agency has initiated a solid roadmap outlining how it will fully mature its capabilities over the next two years. While it may appear to be acting similarly to an intelligence agency through its information sharing efforts, there is a major distinction in that it will operate transparently. This is a huge win for all its civilian, private sector, and government partners navigating the complex cybersecurity landscape.

The Cybersecurity and Infrastructure Security Agency understands that a majority of our cybersecurity infrastructure resides in the private sector and is committed to taking actions to counter threats that extend beyond government systems. This means it will work closely with cybersecurity infrastructure entities to understand what they themselves perceive to be the greatest risks to their systems. This not only improves the efficacy of solutions, but it helps achieve buy in, which greatly strengthens efforts.

Still, the Cybersecurity and Infrastructure Security Agency exhibits both form and function. There are new emerging cyberthreats that are rapidly changing and advancing, including the durability of the supply chain. Cybercriminals and foreign adversaries have demonstrated the ability to exploit vulnerabilities in the supply chain, gaining access to sensitive data. These perpetrators are acting strategically to disrupt our systems, and the Cybersecurity and Infrastructure Security Agency is expected to exercise collective defense to manage these risks and share actionable intelligence with important network defenders positioned to act on it.

One resource that the Cybersecurity and Infrastructure Security Agency now relies on is its Information and Communication Technologies Supply Chain Risk Management Task Force that is comprised of federal partners and dozens of the largest companies in the information technology and communications sectors. Its participants are crafting strong proposals to manage several weaknesses in the international technology supply chain.

It comes as no surprise that another focal point is 5G. However, with the advantages of 5G come the downsides, as there are greater opportunities for our adversaries such as China to gain access to our networks and for insecure technology to gain outsized market share. To defend against all these  new threats, the Cybersecurity and Infrastructure Security Agency coordinates with the Department of State, the Department of Commerce, the Federal Communications Commission, and the White House. This is necessary to determine risk mitigation strategies, such as mandating all 5G technology be interoperable, or banning some providers like Huawei.

But what about election security? Was that not the driving force in establishing the Cybersecurity and Infrastructure Security Agency? It is indeed working to expand upon the relationships with state and local election officials and voting machine vendors that emerged from the 2018 midterm elections. The Department of Homeland Security now finally recognizes elections as part of our cybersecurity infrastructure, and so engagements with these partners has been paramount to understanding how they operate. Collaboration between state and local election officials and the federal government is a major factor in incentivizing the patching of election systems and helping the Cybersecurity and Infrastructure Security Agency achieve its goal of 100 percent auditability by 2020.

The Department of Homeland Security is a proven government leader by launching the Cybersecurity and Infrastructure Security Agency to focus on emerging cyberthreats. With this leadership comes the responsibility to integrate and coordinate with the private sector to ensure secure and sustainable partnerships. Connecting these entities will inform decision making and provide pathways for innovation and intelligence sharing.

Francis Taylor served as undersecretary for intelligence and analysis at the Department of Homeland Security and as assistant secretary for diplomatic security at the Department of State now with Cambridge Global Advisors.