Generally, the Department of Homeland Security has the technologies and tools it needs in the struggle to fend off cyber intrusions and attacks, but additional resources are needed to help the department engage with more owners and operators of the nation's critical infrastructure, the top cyber security official at DHS said last week.
"I have really good tools, but I could have the best tools in the world, but if I don't have the ability to engage my stakeholders, then their worthless," Chris Krebs, director of the Cybersecurity and Infrastructure Security Agency, told a House panel. "So, I need to get more ability, more people, more mechanisms, more tools to get out there and engage the critical infrastructure community. We're talking thousands and thousands and tens of thousands."
Krebs appeared May 1 before the House Appropriations Committee's panel that oversees spending for DHS.
As an example of the challenge of stakeholder outreach, Krebs highlighted election security, pointing out that in the 2018 congressional mid-terms his agency engaged with officials from 50 states and 1,400 local jurisdictions, but he has to find a way to touch base consistently with 8,800 localities that run elections.
"I need time … and I need more resources," Krebs said, adding later, "I need people and I need resources to get out there." He also said he expects existing requirements are well beyond "the bandwidth I have for tool delivery right now."
Krebs said that if he had the ability to engage with his state and local constituents on a "daily basis," CISA could provide them the tools they need and "we could really solve a lot of the nation's problems."
Rep. Lucille Roybal-Allard (D-Calif.), chairwoman of the Homeland Security Appropriations subcommittee, noted her concerns about cyber threats, saying proposed reductions in CISA's fiscal year 2020 budget "appears to counter what we need to be doing." She said the proposal would cut the agency's operations and support budget for cyber security by 5 percent versus FY '19 and procurement by 7 percent.
Large organizations have the ability to reach out to DHS routinely but small and medium businesses don't have the same resources, which is why CISA needs to be "in the field" and engaging these entities, Krebs said. He also said that all stakeholders need to take the threat seriously.
"In 2016 one of the biggest challenges as we engaged state and local elections officials is the initial disbelief that they were on the front lines of a nation state attack," he told the subcommittee. "That a state in the Midwest may be a target of the Russian GRU. We have to get past this. As you plug into the Internet, you're in the game, you're in the global game in the cyber security space."
CISA offers a host of capabilities to its stakeholders, including advisers, security tools, vulnerability scans, and data about threats. Asked by Roybal-Allard what he would do with additional resources, Krebs said he would "scale" existing technical support capabilities his agency offers to the critical infrastructure community and "significantly expand my ability to engage."
With engagement, trust can be built, he said.
CISA also provides a range of cyber tools and capabilities that are used to help protect federal civilian agency networks from cyber attacks. Krebs mentioned that information collected from these sensors in the past decade has led to the establishment of pilot programs around predictive analytics.
Predictive tools will help spot "anomalous behavior" rather than finding threat indicators, so "we actually have the ability to say, 'That user usually isn't online at this time, or that user usually doesn't log in from that address or location,'" he said.
There is funding in the FY '20 request for the predictive analytics pilot, but the "hope" is that in the future this capability gets more investment so it can be rolled out, Krebs said.
"And I think it will be a significant game changer," he said.