DHS Wants to Make Cyber Info Sharing Smarter, Secretary Says

The Homeland Security Department wants to upgrade its system for sharing cyber threat information with industry so companies receive information that’s more tailored to the threats they’re facing, Secretary Kirstjen Nielsen said Tuesday.

Homeland Security’s automated indicator sharing program has come under scrutiny from the department’s own inspector general which said DHS frequently bombards companies with more information than they can use and gives little indication of what information is most important.

In the future, officials hope to tailor information streams for particular sectors and companies, Nielsen told lawmakers on the Senate Judiciary Committee.

The department also hopes to gain a better understanding of what U.S. infrastructure is most important to secure against cyberattacks, Nielsen said.

Currently, Homeland Security has defined 16 “critical infrastructure” sectors that are vital to national security and should be guarded against physical and cyberattacks. Those sectors include energy utilities, dams and transportation hubs such as airports and train stations.

In the future, the department plans to focus more on “essential functions that may cross sectors” and work with the private sector to ensure those functions are secure, Nielsen said.

Nielsen, who took office in December, joined her predecessors in urging Congress to reorganize the department’s cyber and infrastructure protection agency, including changing its name from the National Protection and Programs Directorate.

“Do you know what NPPD is? Nobody does. That's the point,” Nielsen said, in response to a question from Sen. Sheldon Whitehouse, D-R.I.

Homeland Security is not asking Congress for new cyber authorities beyond the NPPD reorganization, Nielsen told Whitehouse, saying the department’s cyber authorities in various areas are sufficient.