Defending our nation’s cyber services

As the chief cybersecurity official for the Department of Homeland Security, Jeanette Manfra is laser-focused on preventing cyberattacks that could destabilize the U.S. financial system or open the federal government up to spying.

Manfra, a career federal official turned political appointee, was thrust into the spotlight last summer when she told the Senate Intelligence Committee during public testimony about evidence that Russia targeted election systems in 21 states before the 2016 elections. But working with states to protect critical election data systems is just one facet of her office’s broad and growing portfolio of responsibilities.

{mosads}As an assistant secretary at the National Protection and Programs Directorate (NPPD), Manfra and her team guard federal government networks and collaborate with a wide swath of industries and foreign powers to prevent and respond to cyberattacks that could disrupt critical services. 

“We depend upon a stable financial institution, we depend upon clean water and electricity and power,” Manfra said during a recent interview in her Washington-area office. “How could you disrupt those essential services and functions, whether that is through some sort of physical or cyber or coordinated means? That’s where NPPD kind of sits.”

“Once we figure out how those could be disrupted, how do we make sure that we do everything possible to prevent that?” Manfra continued. “It’s also looking to build the contingency plans in place, because you have to assume you can’t prevent everything.”

Manfra, a former Army intelligence officer and the daughter of a computer programmer, joined Homeland Security a decade ago just as it was setting up a cybersecurity unit at the NPPD. She served in various roles at the department, including as the cyber counselor for former Homeland Security Secretary Jeh Johnson, before President Trump appointed her to lead the cybersecurity office last year.

The government’s cybersecurity efforts have attracted growing attention in the wake of high-profile breaches — including those at the Office of Personnel Management and Sony Pictures — and Manfra has witnessed the department’s cyber force expand rapidly from fewer than 200 employees to more than 1,000.

“It’s been a really fascinating time for me,” Manfra said. “We went from something that you would hope maybe trade press might write about, to it’s national headlines on a regular basis.”

Russian interference in the 2016 presidential election has drawn Homeland Security further into the spotlight. The revelation that Moscow targeted voter registration databases and other digital systems in 21 states has been a major sticking point of concurrent investigations into Moscow’s meddling, spurring legislation to provide federal grants to states to replace outdated voting technology.

It also drove the Obama administration to label election infrastructure a “critical” system.

Manfra is now responsible for spearheading efforts to provide cyber hygiene scanning and other security tests to states looking to shore up their digital systems ahead of November’s midterm elections.

Initially, the department’s relationships with state and local election officials were fraught with tension, many fearing that the critical infrastructure designation forecast a federal takeover. Some have also complained that the department was slow to divulge information about the Russia threat.

But Manfra expressed confidence that the dynamic is improving, noting that Homeland Security has worked quickly to provide officials with permanent or interim security clearances to view classified information vital to protecting their assets.

“In a lot of ways, it’s no different than any other sector. You have to build trust and you have to demonstrate value,” she said. “You have hard conversations, but I think we really are well on the way to having a good partnership.”

Last fall, Homeland Security had personnel on the ground in the states with off-year federal elections, including Virginia and New Jersey.

The department is also speeding up its efforts ahead of this year’s midterms amid reports that states have faced as much as a nine-month wait for the most rigorous risk and vulnerability assessments. 

The Kremlin’s interference in the 2016 election led to widespread concerns that foreign hackers could target future votes. While Manfra said she is unaware of any “specific intelligence” about credible targeting efforts related to the midterms, she remains concerned about the threat.

“I will always be worried about it and it is always something that entities are going to look to influence our democratic processes,” Manfra said. “As a country, we should be in a position to counter that.”

“We can always improve,” Manfra added, “but I really do believe that we have a lot of the pieces in place to assist on significant elections.”

Her time working in the Trump administration has already proven eventful. Manfra stood beside Tom Bossert, Trump’s homeland security adviser, in December as he publicly blamed North Korea for the global “Wanna Cry” malware attack that crippled organizations across the globe months earlier.

Manfra described near daily conversations with Bossert and White House cybersecurity coordinator Rob Joyce on an array of issues, including the government’s process of disclosing unknown cyber vulnerabilities to the private sector.

The administration’s largest challenge, she said, is working with the rest of the world to figure out how to make the internet a safe and secure place while also preserving all that makes it vital not only to global communications but also economic development.

On a smaller scale, she described her greatest hurdles at Homeland Security as building the right partnerships with critical industries to minimize the risk and impact of cyberattacks, while maturing an organization that has seen its priorities dramatically expand with the growth of the digital ecosystem.

The latter takes some effort from the legislative branch, on which Congress has been slow to deliver. But Manfra says she is encouraged by the recent passage of legislation in the House that would reorganize and rename NPPD, transforming it into an operational agency to handle cyber and physical infrastructure protection.

Manfra also has a new ally in Kirstjen Nielsen, Trump’s new Homeland Security secretary who has been widely cheered for her experience in cybersecurity.

“We’re the defenders,” Manfra reflected. “It’s hard to do defense, whether it’s football or in cyberspace.”

“How can we change the game?” she continued. “It means thinking differently about government and industry working together. It means thinking differently about how the United States works with other countries.”

“And it means thinking differently, too, about the role of government in cyberspace and how our citizenry thinks about that,” Manfra said.