Mayorkas describes the entire DHS response behind the latest cyber sprint




The Department of Homeland Security is putting the collective strength of its component agencies behind its latest 60-day cyber sprint focused on transportation security.

DHS Secretary Alejandro Mayorkas, speaking at the Billington Cyber Security Summit on Wednesday, said the Transportation Security Administration, in its fourth sprint, will require critical infrastructure partners to improve their cybersecurity practices.

TSA will issue a security guideline later this year requiring rail and rail transport entities to appoint a cybersecurity contact, report cyber incidents to the Cybersecurity and Infrastructure Security Agency, and complete contingency and recovery plans.

“Taken together, these elements – a dedicated point of contact, cyber incident reporting and contingency planning – represent the bare minimum of today’s cybersecurity best practices,” said Mayorkas.

At the end of this sprint, the TSA will also require airport operators, passenger aircraft operators and essential all-cargo aircraft operators in the United States to appoint a cybersecurity coordinator and report cyber incidents to the Cybersecurity and Infrastructure Security Agency.

Meanwhile, the Coast Guard updated its e-strategy outlook this summer for the first time since 2015. As part of this strategy, the Coast Guard is now integrating cyber risk management into the safety of ships and facilities, as well as in planning and security operations.

Mayorkas said that, as of this month, more than 2,300 maritime entities must submit to the Coast Guard a cyber plan that addresses all cybersecurity vulnerabilities identified in their facility security assessments and describes the owner’s or operator’s cybersecurity mitigation measures.

The Coast Guard has also deployed cyber specialists to major U.S. ports to oversee assessments and preparedness.

Mayorkas said the Federal Emergency Management Agency will also make cybersecurity a top priority in the next cycle of its transportation-related subsidy programs. He said a new working group with CISA, FEMA, TSA and the Coast Guard is leading this effort.

The agency has already shown some signs of progress. Mayorkas said FEMA has increased the minimum requirement for cybersecurity by more than 7% through its grants.

Mayorkas also promoted CISA’s CyberSentry program, a voluntary government-business partnership that helps CISA detect sophisticated threats at an early stage and share critical threat information.

“The Department of Homeland Security is fundamentally a partnership department. Our ability to carry out our core mission relies on the strength of our partnerships. We need your expertise, your perspective and your strategic advice. We need your partnership,” he said.

Mayorkas also highlighted a bill passed on Wednesday by the Senate Committee on Homeland Security and Governmental Affairs as a tool that would help agencies respond to a wave of cyber threats.

The Cyber Incident Reporting Act would require companies behind critical infrastructure to report cyber attacks and ransom payments.

“Frankly, I’m a little concerned about the timelines imposed by the law, given the dynamism of the cybersecurity landscape and whether the legislation could match that dynamism as things evolve, but I think we will appreciate and understand the mandatory reporting, given what we see in the country and in the world today,” said Mayorkas.

Beyond DHS, other senior cybersecurity officials outlined their short-term priorities for bringing cohesion to the federal cyber response.

National Cybersecurity Coordinator Chris Inglis highlighted the need for shared cybersecurity services to protect the federal government from emerging threats.

This work is already taking shape at the CISA Quality Service Management Office, which has started deploying mobile security products so that agencies can take advantage of its shared services market.

“Some agencies are quite capable of building and defending their digital infrastructure, so much so that they provide material assistance to other agencies. It’s not that they have excess capacity, but they have expertise that lends itself to operating widely in the federal landscape,” said Inglis. “There are agencies that aren’t so lucky, that have a harder time trying to figure out what their security architecture should be, or muster the resources to defend it. For them, we need to have a shared service option – and that’s not true just in responding to any given incident, but in the kind of daily hustle and bustle that is our working life.”

Rob Joyce, director of the National Directorate of Cyber Security at the National Security Agency, said agencies need to focus on protecting small and medium vendors in order to protect the defense industrial base.

“We have seen the opponent change over the past few years. They recognized that big companies do security well, and so now they are attacking their supply chain. They are going after small businesses because what they found is that the same information that is protected in a big business is not as well protected in some of these small businesses. So for us it’s about finding common services that can be provided to put smaller entities under the same stringency of cybersecurity help,” Joyce said.

Joyce said securing the defense industrial base is not just about preventing intrusions, but also taking steps to mitigate intrusions when they occur.

“In this world, especially the defense industrial base, we have to assume that there are going to be tradeoffs. So it’s not just how you protect yourself, so is, are we really set up and instrumented to find these intrusions quickly and then deal with them quickly before they move to the places where sensitive information is, or it can dig to the point where we’re really having a hard time getting it out,” he said.


