The federal government’s latest tool for safeguarding the future of U.S. cybersecurity is the National Risk Management Center (NRMC).
Established in July 2018, the NRMC exists within the Homeland Security Department (DHS) and focuses on mitigating risks to critical national functions.
“The National Risk Management Center is the long game,” Matthew Travis, Deputy Undersecretary of DHS’s National Programs and Protection Directorate, said during Tuesday’s 930Gov summit. “Alone the government can’t defend against this and alone the private sector can’t defend against this.”
Travis said that Homeland Security Secretary Kirstjen Nielsen explained how serious the cybersecurity threats menacing the U.S. are during the NRMC’s recent unveiling.
“Our own secretary said that the cyber threat now exceeds the physical threat,” he said. “That’s a profound statement. It should get our attention. We need to do more. The threat is real.”
Travis said that the dangers facing U.S. cybersecurity range from malicious foreign powers to thrill-seeking hackers. He added that the wide range of bad actors makes protecting sensitive government data difficult.
“A lot of people on the cyber front think the biggest threats come from brute force,” he said. “It’s the easy, stupid stuff. It’s spear-phishing, it’s not patching your software.”
The NRMC will combat antagonists directly by coordinating risk management efforts between the public and private sectors. Travis noted that the organization would identify America’s key vulnerabilities and give them lasting safety.
“It’s the electrical grid, it’s the continuity of government, it’s the supply chain of hospitals,” he said of the NRMC’s focus areas. “If those are degraded, we really can’t function as a nation.”
Travis compared modern cybersecurity perils with the risk of nuclear annihilation during the Cold War, adding that today boasts extra hazards for the public sector.
“Now we have nation states targeting individual banks, individual companies,” he said. “That’s an unfair fight. To think that one of those companies can combat that, we’re deluding ourselves.”
Travis listed America’s cybersecurity talent recruitment as another concern, noting that it falls behind overseas competitors.
“Other nations are more aggressive in identifying those individuals with aptitudes in math and science early on and grooming them,” he said. “There’s a lot more we could do in that space.”
The NRMC’s website states that its mission is “to provide a simple and single point of access to the full range of government activities to mitigate a range of risks, including cybersecurity, across sectors.”
Travis urged private sectors parties to join forces with the NRMC and help strengthen America’s overall cybersecurity.
“I think the relationship between the government and the private sector on cybersecurity is as good as it’s ever been,” he said. “There’s an increased amount of information sharing. They, if anybody, see the need for true private-public partnership in this. They’re motivated by their own business interests.”
The NRMC’s risk management umbrella includes election systems and infrastructure control centers like energy grids. Travis said that people intentionally seeking to damage such vulnerabilities are his biggest fear.
“This is one of the most sinister and confounding threats in cyberspace,” he said of cyber “saboteurs.” “This is what really keeps us awake at night.”