Noem calls for reauthorization of cyberthreat information sharing law during RSA keynote

SAN FRANCISCO — U.S. Secretary of Homeland Security Kristi Noem urged Congress on Tuesday to reauthorize a 10-year-old law that encourages businesses to share information about ongoing cybersecurity threats with the federal government.

Last week, a bipartisan duo of senators introduced a bill — the Cybersecurity Information Sharing Extension Act — that would extend the provisions enshrined in the original legislation passed in 2015. 

During a keynote speech at the RSA Conference, Noem said the bill’s reauthorization was key to the Trump administration’s larger efforts to cut funding at the Cybersecurity and Infrastructure Security Agency (CISA) and rely more heavily on the private sector. The bill would incentivize companies to voluntarily share cybersecurity threat indicators like software vulnerabilities, malware, or malicious IP addresses with the Department of Homeland Security (DHS). 

The original legislation expires in September and has been hailed by the private sector as key to protecting personal information and ensuring that both the federal government and companies can take collaborative steps to prevent data breaches or attacks from cybercriminals and foreign adversaries.

The law provides companies with protection from legal and regulatory punishment in exchange for insight into malicious cyber activities — which are then spread through industry-specific Information Sharing and Analysis Centers (ISACs) and other mechanisms.

Justified cuts 

In addition to her call to reauthorize the information sharing law, Noem used much of her speech to defend reducing the size of CISA, postpone the creation of a new headquarters for the agency and make other funding cuts or program changes at the organization. 

She repeatedly defended her decision to end CISA’s programs focused on stopping disinformation and misinformation campaigns launched by Russia and China, arguing that CISA should not be the “Ministry of Truth.” 

She added that it was her goal to “return money back to taxpayers” by cutting the $10 million funding at CISA designated for the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC) — two organizations that provided technical assistance and guidance to states on a variety of cyberthreats.

Noem also made sure to shoot down concerns that the Trump administration plans to get rid of CISA entirely, telling the crowd that it “is going to continue to be our nation's cyber defense agency, and it's going to be the coordinator for critical infrastructure systems.”

The former governor of South Dakota told the crowd that she met with members of the cybersecurity industry before her speech and called the meetings “candid.”

“I know the press has covered the role of Homeland Security and what we have done in CISA — as far as some of the reforms and efficiencies and some of the initiatives and task forces and advisory councils that we're changing — as a bad thing,” she said.

“I would encourage you to just wait till you see what we're able to do. There are reforms going on that are going to be much more responsive. Instead of just talking about cybersecurity, we're going to do it. You're going to have a seat at the table that'll be much bigger. It will help you partner with us in a way that really will make sure that there's consequences in place for bad actors, and that we make sure that we are able to bring more security to the American people.”

She added that she plans to reinstate the Critical Infrastructure Partnership Advisory Council so that it “will bring more people to the table and be much more action oriented.”

Noem noted that when she first took office, one of the things that alarmed her most was the lack of information the federal government had about recent Chinese hacking campaigns Salt Typhoon and Volt Typhoon. 

Now that she is in office, she said she wants “more of those answers and more tools to be able to stop and prevent those kinds of invasions into our country.”

She said her presence at the conference, alongside several other DHS officials, was evidence that cybersecurity was a priority for herself and the Trump administration. 

During her speech, Noem explained that she recently contacted all of the country’s governors to demand that they have a secure facility where national security information can be shared and that each state should have a point person that DHS can communicate with in the event of a crisis.

“We can't wait days and weeks and months to respond to an attempt to steal our data or [access] information on our systems. We have to respond immediately, and the quicker we can line up those communication channels, the better we will be in stopping it and holding these bad actors accountable,” she said. 

“DHS is committed to cybersecurity. I'm committed to cybersecurity, as is the president, who recognizes that it's a national security imperative and responsibility that rests on our shoulders.”