As the Department of Homeland Security prepares a new cybersecurity strategy, a report released Monday by Rep. Dutch Ruppersberger, D-Md., called on the department to improve its information-sharing program and warned of the threat posed by nation-state hacking tools to federal networks.
Talk of making cyberthreat sharing real-time and robust has “gone on far too long,” and U.S. networks “can no longer rely solely on reactive, indicator-based sharing programs” to defend against hacking, stated the report to the House Appropriations Subcommittee on Homeland Security.
DHS has worked to quicken the pace at which it shares threat information with the private sector via the Automated Indicator Sharing program. Homeland Security Secretary Kirstjen Nielsen last week touted the program in testimony to the House Homeland Security Committee.
“We’re encouraging more and more companies and entities to [participate in the program] so, at machine speed, we can advise them of incoming threat vectors,” Nielsen told lawmakers Thursday. The department plans to update the program this year to include automated feedback from customers on what they are doing with the threat data, a top DHS official said in January.
President Donald Trump’s fiscal 2019 budget request includes about $1.7 billion for cybersecurity at DHS. Ruppersberger indicated he wanted to see more bang for the buck from those investments.
“We are spending billions of dollars a year on the Department of Homeland Security’s cybersecurity mission and the threat is only getting worse,” Ruppersberger said in a statement accompanying the report, which called for the subcommittee to hold its first-ever hearing dedicated to cybersecurity.
Ruppersberger also advised DHS to pay close attention to the threat nation-states pose to federal networks.
“Over the past few years, many advanced tools have become public and are currently being repurposed by both nation-state and non-nation state players,” the report states.
A group known as the Shadow Brokers has released hacking tools allegedly stolen from the National Security Agency that, researchers say, have infected computers worldwide.
The report comes as DHS awaits congressional approval of a long-planned reorganization of its bureau for protecting the cyber and physical security of critical infrastructure. Pending legislation would change the National Protection and Programs Directorate into a dedicated cybersecurity bureau renamed the Cybersecurity and Infrastructure Security Agency.
Ruppersberger said there could be benefits to that reorganization. Nonetheless, he wrote, “while the department’s leadership has important cyber experience, longer-term issues about the department’s capacity to execute this critical mission for the nation continue to be of concern.”
The department is reviewing how it helps defend privately-owned critical infrastructure networks and will soon release a cybersecurity strategy outlining its revamped approach. At the RSA Conference in San Francisco earlier this month, Nielsen said the goal of the strategy will be to curb “systemic” cyber risk to the nation’s infrastructure by better connecting the dots on threats.
“A large majority of our nation’s digital infrastructure is owned and operated by the private sector,” Jeanette Manfra, DHS’s assistant secretary for the Office of Cybersecurity and Communications, said in a statement Monday to CyberScoop. “Fostering a secure and resilient infrastructure is dependent on partnership and collaboration between the private and public sectors through information sharing.”
Manfra added: “Our shared success and security is dependent on the continued voluntary participation of private sectors.”
You can read the report below.
This story has been updated with a statement from DHS.