The DHS is setting up a new way for companies to share info about security breaches, preparing for a cyberattack 'hurricane'

  • DHS Secretary Kirstjen Nielsen says a significant cybersecurity incident may be on the horizon.
  • She announces initiatives to bring companies and government agencies closer together to share information.
  • Supply-chain security and elections security initiatives are also on the way.
Homeland Security Secretary Kirstjen Nielsen speaks to attendees during the Department of Homeland Security's Cybersecurity Summit in Manhattan, New York, July 31, 2018. 
Eduardo Munoz | Reuters
Homeland Security Secretary Kirstjen Nielsen speaks to attendees during the Department of Homeland Security's Cybersecurity Summit in Manhattan, New York, July 31, 2018. 

The next major attack on the U.S. is more likely to come by computers than airplanes, Department of Homeland Security Secretary Kirstjen Nielsen said Tuesday.

"We are in a crisis mode," Nielsen said at a cybersecurity summit in New York. "A cat 5 hurricane has been forecast, and we must prepare."

One way to prepare is to encourage more information-sharing between private sector companies and the government, she said, an idea that has been controversial in the past.

Nielsen said DHS will launch the National Risk Management Center this year to provide "a cross-collaborative approach," connecting government agencies and corporations. The center will be housed at DHS headquarters in Washington and will bring together industry partners to provide a "single point of access to the full range of government activities to defend against cyberthreats."

The government and private corporations have not always cooperated smoothly on sharing threat information. Multinational companies sometimes face backlash in countries where they operate outside the U.S. because of concerns they are sharing local information with U.S. authorities. Some companies are wary of inviting too much scrutiny from the government that could lead to regulatory action or result in handing proprietary or damaging information to industry competitors.

The new risk center is meant to ease some of those fears, and provide a more effective, "crowd-sourced" response to various types of attacks, she said. That would involve taking expertise from various private sector and public cyber professionals.

Nielsen said DHS expects to launch the initiative immediately, and that the agency has also established a new elections task force to help secretaries of states across the country evaluate their security risk in advance of the November midterm elections.

DHS will also introduce a new voluntary supply chain risk management initiative, meant to enlist cybersecurity experts from companies, in cooperation with government agencies, to help hunt down specific security weaknesses.

The new initiatives represent a shift in focus from looking at individual industries to analyzing how particular threats could affect a wider swath of businesses in finance, technology, energy and supply chain. DHS is trying to avoid a single attack that creates cascading problems across these industries and will have to change existing protocols of information sharing so that there's greater collaboration.

Nielsen's comments echoed recent predictions from Dan Coats, head of the Office of the Department of National Intelligence, who recently warned of a "cyber-9/11."