In the wake of the recent massive Equifax [EFX] data breach, the Department of Homeland Security hopes to establish a new cyber security and infrastructure protection office to improve information sharing practices with industry.

DHS plans on working with the House Homeland Security Committee to move forward legislation intended to bring together existing authorities, held mostly in the Department’s National Protection and Programs Directorate, under a single agency to deal with cyber risks to critical infrastructure and services.

The committee approved the Cybersecurity and Infrastructure Security Agency Act of 2017 in July, but the bill has yet to move to the House floor for a full vote.

DHS Assistant Secretary for the Office of Cyber Security and Communications Jeanette Manfra. Photo: Department of Homeland Security.

“What we’re trying to think about at DHS is a broader national effort to think about national risk and systemic risk and think about those critical services and functions that are critical to our way of life. And how could they be disrupted through cyber means,” said DHS Assistant Secretary Jeanette Manfra at a Nov. 8 Washington Post cyber event.

The department needs to improve information sharing to mitigate potential consequences of future data breaches, according to Manfra.

The Cybersecurity Act of 2015 gave industry liability protections in sharing critical information on cyber incidents with DHS, but the new cyber security protection office would look to build on these incentives.

“We shouldn’t be competing or protecting this indicator, whether it’s from a government perspective or a private sector perspective competing on access to that information but being able to share that broadly and widely,” said Manfra.

Increasing the cyber resiliency capabilities across industry would help decrease the long-term consequences of other Equifax-like data breaches, according to a second panel at the Nov. 8 cyber event.

“What we need to see is the spreading of these kinds of capabilities from a small number of government agencies, a small number of defense contractors, a small number of IT companies and banks down to the rest of the economy,” said Rob Knake, former cyber security policy director for the Obama administration’s National Security Council.

Industry cyber officials hope DHS will spread the information-sharing discussion across industry, building the capacity to spot unusual network activity before breaches occur.

“For the most part, right now, we are in catch up and response mode on cyber security,” said Sam Curry, chief product officer for Cybereason.

Most companies don’t discover breaches until they are notified by a third-party vendor, according to Curry.

Manfra hopes more industry partners take advantage of DHS’ Automated Indicator Sharing program to stop cyber actors from exploiting similar vulnerabilities.

“We have hundreds of organizations now signed up for this and as much as we can automate that sharing, it makes it so that when one organization is a victim or even a potential victim, they were able to stop it. But they put that into the program that you’re now sharing and you sort of have this neighborhood awareness kind of effect where everybody is benefiting now,” said Manfra.

DHS is focused on addressing advanced persistent threats that carry the potential to disrupt critical services or functions, but does not intend to instruct industry on how to handle its own data.

“DHS is now in a unique position where we’re kind of sitting now at the hub of a lot of different pieces of information and we’re getting information from the intelligence community, from law enforcement, from industry,” said Manfra.