DHS chief sees cyber threats every day
Americans are "right to worry" about ever-present cybersecurity threats, says the acting head of the Department of Homeland Security.
"There's not a day goes by where there isn't a cyber report as part of the daily intelligence briefing," said Acting DHS Secretary Elaine Duke.
To defend and protect cyberspace going forward, government and the private sector both must improve their information sharing and workforce development to handle increasing threats, said the head of the Department of Homeland Security.
As essential services become ever more reliant on data and the digital space, "you are right to worry" about ever-present cyber threats, said Acting DHS Secretary Elaine Duke at the Oct. 4 U.S. Chamber of Commerce Cybersecurity Summit.
"There's not a day goes by where there isn't a cyber report as part of that daily intelligence briefing," she said, adding that nation states, criminal organizations as well as individual capabilities "increase in frequency, scale, sophistication and impact," evidenced by the recent WannaCry and Petya attacks.
Grant Schneider, the acting federal chief information security officer, said that from the tools available to cyber malefactors, to the cost of those tools, to the odds they can anonymously carry out missions, "everything is in their favor right now."
In terms of quantifiable impact, Duke said that the financial effects of cybercrime has skyrocketed, citing a study estimating costs from cybercrimes will exceed $6 trillion annually by 2021.
The DHS mission includes law enforcement, protecting government's civilian IT networks and protecting cyber critical infrastructure. On the last of which, Duke said, DHS is "working with Congress on legislation that would focus and strengthen our critical infrastructure mission."
She pointed to the rebranding of the National Protection and Programs Directorate to the Cybersecurity and Infrastructure Security Agency as a reflection of the agency's operational shift that "will make us more effective in executing our cybersecurity initiative.
Duke also emphasized the importance of information sharing between the public and private sectors, adding she would like to see use of the Automated Indicator Sharing system, DHS's machine-to-machine data-sharing system between the government and private sector, grow.
"When it comes to cybersecurity, government and the private industry have the same two basic goals ... to improve our defense … and to respond and recover quickly to minimize the damage," she said. "We are committed to removing barriers to cybersecurity information sharing."
While information sharing can help the effort, Duke stressed that a skilled cybersecurity workforce, in both the public and private sectors, "is critical to our future."
She said that to fill the projected massive deficit of skilled cybersecurity workers, "we need both short- and long-term efforts" from industry, government, academia as well as private citizens.
"We all need to change the way we do business to cope with the evolving cyber threat landscape," she said.
She also emphasized the "need to establish measures to demonstrate the effectiveness of our cybersecurity workforce and investments related to that workforce," to establish what the needs are, to align education and training with those needs and to compare America's standing with global competitors.
"Effectiveness measures may not bear fruit for years to come," she acknowledged, "but that doesn't mean we shouldn't be making the effort."
She added that DHS and the Department of Commerce have taken the lead on providing the president with a report geared toward how the federal government can grow and retain a robust cybersecurity workforce.