The Department of Homeland Security is aiming to move its cyberspace protection efforts beyond information-sharing by establishing a National Risk Management Center (NRMC) to focus more holistically on cybersecurity, according to Christopher Krebs, DHS’s undersecretary-national protection and programs.
The new center “will focus on what truly is important – strategic risk issues with a longer-term approach to achieving the outcomes we set forth,” Mr. Krebs said during today’s meeting of the president’s National Security Telecommunications Advisory Committee (NSTAC).
He noted that the NRMC would have a different mission from DHS’s existing National Cybersecurity and Communications Integration Center (NCCIC), which is a 24-hour cyber risk information-sharing hub. “This represents moving beyond information-sharing,” he said. “Information-sharing is a tool in the toolkit. It is not an outcome or an endpoint.”
DHS announced its intent to establish the NRMC last month at a cybersecurity summit in New York. The center “will create a cross-cutting risk management approach between the private sector and government to improve the defense of our nation’s critical infrastructure,” the department said.
Mr. Krebs said the NRMC concept came from the private sector. “This idea of a risk management center is not a government idea,” he said. “This was based on extensive discussions and collaboration with industry.”
“It is a response to a set of defined requirements,” he added. “This is government acting in response to industry requests.” Much of NSTAC’s work, including recommendations that emerge from the committee’s ongoing cybersecurity “moonshot” effort, will be implemented by the NRMC, he said.
The moonshot project, which aims to create a sense of urgency about cybersecurity in government and the private sector and mobilize resources, began last year and is expected to wrap up later this year (TR Daily, Nov. 16, 2017).
A new NSTAC project that will emerge from that effort will focus on “advancing resiliency and fostering innovation in the information and communications technology ecosystem,” particularly in relation to supply-chain cybersecurity, according to the discussion at today’s NSTAC meeting.
The next NSTAC meeting is tentatively scheduled for November in Washington. An exact date has not been set. —Tom Leithauser, email@example.com