The series of 60-day sprints for six key areas of cyber security that were outlined last week by Homeland Security Secretary Alejandro Mayorkas put the weight of his office and urgency behind the efforts and help cut through any inertia in making progress in these areas, a senior advisor to Mayorkas said on Wednesday.
The cyber sprints are aimed at driving action across DHS, Tim Maurer, senior counselor for Cybersecurity within the Office of the Secretary, said during a virtual panel discussion hosted by the Center for Strategic and International Studies on the DHS cyber mission.
"One of the challenges for a large organization like the department or any large company like that is, how do you channel the attention of the most senior leadership and can empower the work that is happening across the organization and do you provide some strategic direction and a sense of urgency to drive the key priorities forward," Maurer said. "So, the series of sprints is essentially designed to help facilitate the work that is happening across the department, but to use the office of the secretary and the secretary strategically to help drive forward a specific set of priorities."
The six cyber sprints planned for the coming year will begin with one on ransomware, which has moved in recent years from a nuisance to a national and economic security threat, followed by the cyber workforce, and then another on industrial control systems. Those will be followed by sprints related to the transportation sector, election security, and then the international work of DHS.
Maurer said the workforce sprint will go beyond helping DHS to bolster its cyber workforce to include the role the department can play across the federal government and the nation. Cyber security experts frequently say the U.S. is facing a nationwide shortfall of about 500,000 cyber security workers.
The activities around the sprints won't end once the deadline for each effort is completed, Maurer said, adding that the near-term urgency will "drive that work forward and elevate it to a new level."
Michael Daniel, the former cyber security coordinator in the White House during the Obama administration, said the sprints are valuable because establishing the "rapid deadlines, what you're enabling is the process to actually move and not get mired down in just the sort of natural bureaucratic tendencies."
None of the sprints will "solve the problem," but will get things going to "knock down some roadblocks."
Daniel, who is president and CEO of the Cyber Threat Alliance, which is made up of cyber security companies to facilitate the sharing of cyber threat intelligence, said he agrees with the initial issues that Mayorkas has settled on for the sprints.
Ransomware has gone beyond being an "economic nuisance eight years ago to a national security and public health and safety threat today," Daniel said. It's gone from "locking up" a computer for a small ransom to "whole school systems" and companies, with the average ransom payment today being more than $300,000, he said.
Maurer said his role as a senior advisor is to sort out the cyber security issues that need to rise to the secretary's attention, "so that I can either brief him or prepare him, or if something happens suddenly, we have information to go so that he can make decisions."
Maurer said he works across the DHS components, as well as through his counterparts in the interagency, and with non-government organizations such as industry, think tanks and academia. He said the existing "deep bench" of cyber talent at DHS makes his job easier.
DHS is home to the Cybersecurity and Infrastructure Security Agency, frequently referred to as CISA, which has responsibility for protecting federal civilian agency networks and working with the private sector to help strengthen the nation's cyber security posture as a whole. Within DHS, the Secret Service and Homeland Security Investigations division of Immigration and Customs Enforcement work cyber crime issues, and the Coast Guard and Transportation Security Administration work on cyber security issues related to the transportation sector. The department's Science and Technology Directorate also does research and development work in cyber security.