A recent agreement between the Departments of Defense and Homeland Security on better detailing roles and responsibilities in protecting the homeland from cyber threats and improving the sharing of related information is already paying dividends and is helping to close to uncover potential security gaps, officials from the departments said on Wednesday.
“The good thing about what we’re going through right now is that it’s not theoretical, we’re actually going through real world scenarios and we’re seeing results not just at the operational, but at the tactical level,” Lt. Gen. Bradford “BJ” Shwedo said. “Whenever you see a Kaspersky or election manipulation, etcetera…we’re seeing at the lowest levels this information is getting where it needs to be and we’re seeing results of what happens when the information gets there.”
There is still work to be done on building relationships and better integrating DHS and DoD personnel, Shwedo and Jeanette Manfra, the assistant secretary for the DHS Office of Cybersecurity and Communications, testified at a joint hearing of the House Armed Services Emerging Threats Subcommittee and the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection.
Shwedo said that when it comes to cyber “it’s all about speed,” adding, “we’re on a good path right now.”
Manfra, Shwedo and Kenneth Rapuano, assistant secretary of defense for Homeland Defense & Global Security, discussed the cooperation between DoD and DHS ahead of and during the congressional mid-term elections last week, noting it was a real world opportunity to work through the roles and responsibilities of all the parties.
Rapuano, in his prepared statement, noted that DoD sent an advanced team to help at the DHS cyber security watch center, the National Cybersecurity and Communications Center, providing situational awareness and help as needed. He also said that the National Guard helped several states at the request of their respective governors to support election cyber security in areas such as training, assessing risks and vulnerabilities, and in information sharing.
Rapuano’s office, with help from DHS, is conducting a study directed by the fiscal year 2019 National Defense Authorization Act to create Cyber Civil Support Teams within the National Guard to support homeland cyber security efforts. Pilot projects are planned with National Guard troops in Hawaii, Ohio and Washington and Rapuano said an initial draft of the study may be ready by next February.
In addition to the cooperative efforts in the election security area, the officials highlighted an ongoing “pathfinder” effort with the financial sector with DoD and DHS collaborating to improve the security posture through better information sharing among all entities, including the private sector. Rapuano said this information will help DoD with its “cyberspace operations.”
A second pathfinder effort with the energy sector will also be established, he said.
Under the recent memorandum of agreement between DHS and DoD on cyber security cooperation, Manfra said the departments will achieve their objectives through three lines of effort. The first is taking a “threat-informed, risk-based approach” to maintaining national critical functions and services. The second includes DHS and DoD working with the intelligence community and FBI “to build a common understanding of strategic cyber threats that can empower private sector network defenders, critical infrastructure owners and operators, and government actors to improve resilience and integrity of national critical functions.
The nation’s critical functions are still being identified but an initial list will be ready later this year, she said.
The third effort is coordination between DHS and DoD to support the planning and operational activities that each department has. Manfra said that policy, legal and operational personnel are working together here.