On 31st March, Alejandro Mayorkas, Secretary of the Department of Homeland Security, outlined several steps the department and its Cybersecurity and Infrastructure Security Agency would undertake in the next 60 days to address gaps in cybersecurity.
Mayorkas said the department is launching a series of so-called 60-day springs. “Each is focussed on the most important and most urgent priorities needed to achieve our goals. we will focus on four medium-term priorities that will receive my sustained attention over the longer term,” Mayorkas said, speaking remotely at the annual RSA Conference of information security experts.
The six areas addressed included: fighting against ransomware, improving the resiliency of industrial control systems that undergird water and sewage treatment facilities to withstand a cyberattack, protecting data that underlies transportation and pipeline systems, safeguarding election security, building international partnerships on cybersecurity on cybersecurity and finding ways to fill open cybersecurity positions in the federal government.
Mayorkas added that the department will be partnering with the Girl Scouts to offer cybersecurity internships, building on the organisation’s work teaching girls cybersecurity skills and awarding badges for achievements in the field. Mayorkas also mentioned that the federal government can neither stop cyberattacks, nor help achieve the nation’s cyber resilience, which refers to being able to withstand an attack and continue functioning.
Speaking of the SolarWinds attack carried out by Russian intelligence agencies, Mayorkas said government agencies that got hacked were unaware of the attack until the security research firm FireEye disclosed it. The hack “underscores the need for the federal government to modernize cybersecurity defenses and deepen our partnerships” with private companies, he said.
President Joe Biden is preparing an executive order that will include a “dozen actions” intended to “advance the federal government’s ability to prevent and respond to cyber incidents,” Mayorkas said. “The U.S. government will improve in the areas of detection, information sharing, modernizing federal cybersecurity, federal procurement and federal incident response,” he said.
The Biden administration intends to appoint a national cyber director, who would be confirmed by the Senate, Mayorkas said. It’s one of several recommendations made by the bipartisan Cyberspace Solarium Commission in March 2020. Mayorkas said CISA was expanding its partnership with state officials by placing coordinators in state capitals who would act as liaisons between federal and state governments.
The agency is also working on a proposal to create a “cyber response and recovery fund that will further augment CISA’s ability to provide assistance to state, local, tribal and territorial governments,” he said.