DHS chief lays out actions to strengthen cybersecurity in wake of major hacks

Homeland Security Secretary Alejandro Mayorkas on Wednesday issued a “call for action” to confront mounting cybersecurity threats to the federal government, laying out a plan to combat hacking efforts following two major foreign cyberattacks. 

Mayorkas warned during a virtual speech hosted by the RSA Conference that “cyber threats are coming dangerously close to threatening our lives” and detailed plans for focusing on issues including debilitating ransomware attacks, bolstering the cyber workforce and securing critical infrastructure against attacks. 

“The government does not have the capacity to achieve our nation’s cyber resilience alone,” Mayorkas said. “So much of our critical infrastructure is in the private sector’s hands. We need to work with the private sector to protect the interests of the American people and the services on which we rely.”

Mayorkas’s comments come as the federal government continues to respond to two major cyber espionage incidents carried out by foreign entities that were discovered over the past three months. 

U.S. intelligence agencies determined that the December SolarWinds attack “likely” was carried out by Russian hackers. The hackers gained access to at least nine federal agencies and 100 private sector groups, including the Department of Homeland Security (DHS).

In addition, recently uncovered vulnerabilities in Microsoft’s Exchange Server application were used by at least one Chinese state-sponsored hacking group to gain access to thousands of organizations around the world. 

Mayorkas on Wednesday described the “hard truth” of confronting the federal government’s lack of visibility into the SolarWinds hack in particular, which was first reported by cybersecurity company FireEye when it was breached. 

“This incident is one of many that underscores a need for the federal government to modernize cybersecurity defenses and deepen our partnerships,” Mayorkas said. 

Mayorkas announced that DHS would soon roll out a series of 60-day “sprints” to increase focus on key problems in cybersecurity. 

The first sprint will focus on ransomware attacks, which involve hackers holding networks hostage until a ransom is paid. These types of attacks have spiked during the COVID-19 pandemic, with hospitals, schools and other critical organizations targeted. Mayorkas described these attacks as a “national security threat.”

“There are actors out there who maliciously use ransomware during an unprecedented and ongoing global pandemic, disrupting hospitals as hundreds of thousands die,” Mayorkas said. “This should shock everyone’s conscience.”

Other agency sprints will focus on strengthening the cyber workforce, an initiative that will launch in April, and strengthening the security of industrial control systems.

Later in the year, initiatives around protecting transportation systems from cyberattacks, bolstering election security and increasing international cybersecurity work will commence. 

Mayorkas also strongly emphasized the need to build up the Cybersecurity and Infrastructure Security Agency’s (CISA) capacity. The agency, which is part of DHS, is responsible for securing federal infrastructure, including elections. 

Congress recently appropriated $650 million to CISA to increase federal cybersecurity as part of President Biden’s COVID-19 relief bill, an amount Mayorkas said he was “grateful” for.

Mayorkas announced that DHS would launch an “expanded cybersecurity grant program” to encourage private companies to take advantage of CISA resources, and was working on a “cyber response and recovery grant” to expand CISA’s ability to offer cyber assistance to state and local governments. 

“CISA is the private sector’s most trusted interlocutor and is clearly best positioned to be the tip of the spear and the front door for the U.S. government’s engagement with industry on cybersecurity,” Mayorkas said.

Mayorkas’s comments were made as the Biden administration works to roll out an executive order to strengthen federal cybersecurity after both the SolarWinds and Microsoft incidents. 

The secretary said Wednesday that the order would include “nearly a dozen actions” and that “more details would be shared soon.”

“The U.S. government will improve in the areas of detection, information sharing, modernizing federal cybersecurity, federal procurement and federal incident response,” Mayorkas said. “The federal government must lead by example at a time when the stakes are so high.”

Bloomberg News reported Wednesday that the order will require companies doing business with the federal government to disclose if they were hacked within days of an incident, and increase federal agency security through enhanced encryption and multifactor authentication.

Anne Neuberger, President Biden’s deputy national security advisor for cyber and emerging technology, said in a statement provided to The Hill by the White House on Wednesday that details around the order will be shared “soon.”

“We will have an executive order shortly that will make fundamental improvements to national cybersecurity,” Neuberger said. “We are consulting with the private sector extensively in developing the executive order and have set our goals for cybersecurity improvements to be aggressive and achievable. Many of the measures in the executive order will be long overdue and we look forward to sharing them with the American people soon.”