We've all seen statements from leaders in government (and business) that contain a lot of words but little meaning.
Just the opposite was true as U.S. Secretary of Homeland Security Alejandro Mayorkas spoke this week, in stark terms, about the state of cybersecurity in the United States.
He unpacked foundational principles for the future of information security efforts. We'll look at those in a moment.
Before looking to the future, however, the DHS Secretary spoke openly about three ways we are falling short in the security space. Here they are:
Secretary Mayorkas then moved on to his vision for how the Department of Homeland Security will move ahead in its fight to improve cybersecurity and defend the U.S. against cyber threats.
He says these are the foundational principles that will guide DHS work:
"To start, we cannot ignore the broader geopolitical context and democratic backsliding that is happening around the world. Far too often, cybersecurity is used as a pretext to infringe on civil liberties and human rights.
Make no mistake: a free and secure cyberspace is possible, and we will champion this vision with our words and our actions."
"At the same time, I promised hard truths and one hard truth is that no one is immune from cyber attacks, including the federal government or our most advanced technology companies. While one can reduce the frequency of incidents through modernized defenses, ultimately it is not a question of if you get hacked, but rather when. We must therefore also bolster our capacity to respond when incidents do happen."
The DHS Secretary also spoke at length about the Cybersecurity and Infrastructure Security Agency (CISA) and how it is best positioned to help carry out the cyber mission across government and into the private sector.
He called CISA the "nation's cyber quarterback."
Read the complete cybersecurity statement of U.S. Secretary of Homeland Security Alejandro Mayorkas.
The Secretary also shared some ominous statistics from federal agencies:
"According to the FBI, the reported losses tied to cybercrime exceeded $4.1 billion last year alone. The Secret Service arrested more than 1,000 people for cyber-financial crimes and prevented over $2 billion in potential fraud losses.
These numbers highlight that cybersecurity is not some abstract concept or a threat limited to the government or critical infrastructure. Hackers target American citizens directly every day and impact their lives at a time when we have experienced unprecedented hardships."