Secretary Alejandro N. Mayorkas has today announced the many ways the Department of Homeland Security (DHS) will carry out President Biden’s vision to elevate cybersecurity across the government. DHS will lead efforts to mitigate risks to the United States, further strengthen its partnerships with the private sector, and expand its investment in the infrastructure and people required to defend against malicious cyber attacks as part of a whole-of-government effort.
“Cybersecurity is more important than ever, and we will build on the Department’s excellent work as we transform our whole-of-government approach to tackle the challenge we face as a nation,” said Secretary Mayorkas. “This week is just the beginning of a series of actions DHS will pursue nationally and internationally to improve cybersecurity at all levels.”
DHS plays a key role in protecting the American people from threats in cyberspace. The Department’s Cybersecurity and Infrastructure Security Agency (CISA) is charged with securing Federal civilian government networks and our nation’s critical infrastructure from physical and cyber threats. Congress, in the recent National Defense Authorization Act (NDAA), further empowered CISA to execute this mission, including by providing authorities for CISA to “hunt” for cyber threats in federal agency networks and to more effectively identify vulnerable technologies used by critical infrastructure sectors. Over the past months, CISA has honed its capabilities and furthered the Department’s effort to advance national cybersecurity by:
- Leading the national effort to secure the 2020 election, including by sharing timely cybersecurity information with state and local election officials;
- Driving urgent remediation of risks posed by the exploitation of commonly used network management software and providing incident response assistance to compromised entities;
- Collaborating with government and private sector partners to disrupt and help protect against malicious activity perpetrated by North Korean actors against financial institutions, including the distribution of technical alerts to help network defenders protect against these threats;
- Issuing a directive to federal agencies requiring implementation of vulnerability disclosure programs, which allow security researchers to proactively identify weaknesses in government websites and applications; and
- Facilitating shared cybersecurity services that can be used by federal civilian agencies and SLTT governments to rapidly improve cybersecurity capabilities.
Through the U.S. Coast Guard and Transportation Security Administration, DHS plays a crucial role in increasing cybersecurity across the transportation sector, from aviation and rail to maritime and pipelines. The U.S. Secret Service and ICE’s Homeland Security Investigations combat 21st century crimes, many of which are cyber-enabled. For example, in 2020 alone, the Secret Service responded to 539 network intrusions, arrested over 1,000 people for cyber-financial crimes, and seized over $140 million in assets. The Science and Technology Directorate (S&T) and CISA recently announced the inaugural research and development awards for the newly launched Secure and Resilient Mobile Network Infrastructure project.
DHS will continue to build on these achievements.
This week, Secretary Mayorkas will increase the required minimum spend on cybersecurity through FEMA grant awards. To accelerate critical improvements in state and local cybersecurity, CISA will urgently evaluate and implement additional capabilities including potential new grant programs that will enable critical security investments.
On Thursday, Secretary Mayorkas will speak at the President’s Cup Cybersecurity Competition and issue a call to action to build a diverse cybersecurity workforce and leverage DHS’s partnerships to tackle the growing risk from ransomware.
Ransomware is a cyber pandemic that paralyzes cities, companies, and hospitals across the country. In October, CISA together with other government agencies warned of the growing threat of ransomware targeting the healthcare and public health sector. Previous incidents illustrate the risk ransomware poses to COVID-19 vaccine deployment efforts. Tackling ransomware will require partnering with private organizations, state, local, tribal, and territorial entities — the hallmark of DHS’s approach to cybersecurity.
Secretary Mayorkas will reinforce CISA’s new “Reduce the Risk of Ransomware” Campaign to encourage public and private sector organizations to take action to mitigate ransomware risk. DHS will also leverage the U.S. Secret Service, through its Cyber Fraud Task Forces, to respond to ransomware incidents and arrest those that engage in this criminal activity.
Secretary Mayorkas is slated to participate in several additional engagements in the coming weeks to further highlight how the Department can and will best support its partners in efforts to improve risk management and cybersecurity. The Secretary will also engage with his foreign counterparts to strengthen international cybersecurity collaboration.