DHS Looking to “Pare Down” Cyber Risk List for Report to Congress

LAS VEGAS— The Department of Homeland Security has put together a list of 300 cyber threats from responses to a request for information to be used in its upcoming report to Congress on cyber threats and defenses, but “there’s no way we’re going to Congress with a list of 300 threats; we’ll be paring that down a bit,” Vincent Sritapan, program manager for mobile security R&D at DHS, told an audience at CTIA’s Super Mobility 2016 conference during a late afternoon panel on cybersecurity yesterday.

Panelists Matthew Scholl, chief of the Computer Security Division at the National Institute for Standards and Technology, and Glenn Reynolds, chief of staff at the National Telecommunications and Information Administration, agreed that being small, nonregulatory agencies is helpful in gaining cooperation from private-sector firms.

Being “small, nonregulatory, transparent, not-classified” contributes to “good outcomes,” Mr. Scholl said.  He added, “One of the primary public-private partnerships in the U.S. is the work government and industry does together with industry leading in national and international standard-setting.”

Mr. Reynolds said, “We’re also small and nonregulatory and at Commerce. … I think those are extremely important characteristics in public-private partnerships.”

John O’Connor, assistant deputy director for national cyber and communications integration at DHS, said, “We’ve long had a paradigm where we share with industry.” —Lynn Stanton, lynn.stanton@wolterskluwer.com

Courtesy TRDaily