Threat trends, defender partnerships: DHS Sec. Alejandro Mayorkas talks cybersecurity with Kevin Mandia

This article includes insights from the episode “Threat Trends: DHS Secretary Alejandro Mayorkas in conversation with Kevin Mandia” of ​​Mandiant’s The Defender’s Advantage podcast. Mandiant is part of Google Cloud.

Amidst increasing geopolitical and economic tensions, state-sponsored cyber warfare is one of the biggest threats facing nations today. With more organizations and individuals than ever now dependent on digital connectivity, and a rapidly evolving threat landscape, the stakes — and the risk of attacks — continue to grow.

“The private sector cannot do it alone, the government cannot do it alone,” said Alejandro Mayorkas, secretary of the Department of Homeland Security, on fostering greater cybersecurity and resilience during a recent interview with Mandiant CEO Kevin Mandia on The Defender’s Advantage podcast. “We all own the responsibility, together — not just as employees of the organizations for which we work, but also individually, in our personal lives.”

This ethos of partnership has become a driving force behind many of the ongoing cybersecurity initiatives at the Department of Homeland Security. In particular, Secretary Mayorkas highlighted the importance of the Joint Cyber Defense Collaborative (JCDC), which was established by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in 2021 to unify the global cyber community from across the public and private sectors.

As Mandia noted during the conversation, asymmetric cyber warfare is now a problem that has become all too familiar to business and cybersecurity leaders tasked with defending against a growing list of vulnerabilities.

“I’ve noticed the asymmetry of it all,” Mandia said. “It’s amazing how one person — because of some of the vulnerabilities we deal with on defense — has the power to create work for millions.”

This is where the JCDC really shines, by bringing together federal agencies and leading players from the security industry, including Mandiant, in an effort to combat the rising wave of cybersecurity threats aimed at governments, businesses, and individual citizens, expressed Mandia. The JCDC initiative is designed to deliver a new operational model of public-private partnership — the linchpin of which is a gathering, analyzing, and sharing actionable cybersecurity information.

“I think we are advancing and have advanced tremendously. I was in department before CISA was created and that model of partnership was at a real nascent stage, and it’s incredibly mature now,” Mayorkas said, noting that high-level government officials and leaders from the private sector are now able to collaborate together to address homeland and national security through the power of the JCDC.

“The model of public-private partnership in sharing information, sharing capabilities, sharing defensive knowledge and threat intelligence, I think speaks to how far we’ve come,” he said.

Lessons learned by one, benefit all

Over the last few years, the ability to share information quickly has become critical for staying ahead of today’s sophisticated adversaries. Dangers in cybersecurity continue to rapidly evolve, leaving both governments and businesses locked in a near-constant battle to identify, prevent, and respond to attacks.

When Mandia asked what his advice would be for other leaders in the private sector who might be considering partnering with the government, Mayorkas made the case for the critical role information sharing plays in stopping future attacks.

“In the cyber domain, we very well know that the ability to replicate the attack is just another click of the button. To avoid replication, to avoid one harm reaching a second victim, it can depend on the sharing of information,” Mayorkas said. “If a company comes forward and shares with us the intrusion and the methodology, whether they discover it or we discover it or both, then we can share that information throughout the ecosystem and prevent that replication from occurring.”

“The more we do that, the more we raise the cyber hygiene of the entire environment and protect one another, so I think information sharing is key,” he said.

Here, Mayorkas again emphasized how critical sharing information has become not just domestically but also internationally. The creation of neutral forums like the JCDC can help to remove many of the competitive, privacy, and global barriers that tend to restrict collective action. One powerful example he shared is Shields Up — a campaign launched to prompt organizations and operators to enhance security and be on high alert in expectation of connected cyberattacks.

The program offers guidance and recommendations for leadership, organizations, and individuals on tools, best practices, and other resources to help them prepare for and stay informed about disruptive activity and attacks. Initiated by CISA in the wake of the Russia-Ukraine conflict, the campaign also encourages voluntarily sharing cyber event information that could help others mitigate current or emerging threats.

“As the United States stood by our ally Ukraine, we were very worried about Russian cyber retaliation against us, so we sent out a message to the domestic community to put shields up to guard against cyber attacks,” Mayorkas said. “It proved very successful, and it proved very successful in also equipping and enabling Ukraine in defending against Russian direct cyber attacks.”

Similarly, Mandia described how cybersecurity organizations across the industry also banded together during this time to defend against increased activity from state-sponsored threat actors.

“We had folks from Mandiant, from Google, from many other organizations in cybersecurity actively communicating so that as we saw cyber activity in Ukraine, everybody was exposed to the new and novel things right away, and we were prepared as a homeland to defend against those things,” Mandia said. “We built a hyper-attentive learning system and my gut is that it won’t be the last time we do that.”

Together, these efforts are helping to share lessons learned across the private sector and the federal government to help address this new shift to an era where the rules of engagement have changed and new attacks are becoming harder to detect.

Stronger together than divided

Beyond collaboration, Mayorkas also touched on the importance of comprehensive strategies that stretch across not just sectors but also society as a whole.

“We’re all in this together and security is the responsibility of everyone. We’re only as strong as our weakest link. Connectivity requires all of us along the chain of our experiences to be cybersecure,” Mayorkas said. “So, companies, individuals, their families, their personal device safety, their social media usage, protecting personal information. Individuals also have a responsibility to be cyber secure. Lastly, technology manufacturers. It cannot rest on the shoulders of our cybersecurity professionals alone.”

Campaigns like Secure Our World, for example, help to educate and bring awareness to the idea that everyone has a part to play in helping to improve cybersecurity and resilience. Similarly, CISA has published Secure By Design principles and approaches for designing, developing, and delivering products that include the highest measures of security, helping to better prevent cyberthreats.

Mandia also asked Mayorkas to share what steps the DHS is taking to address other ongoing issues that impact the efficacy of cybersecurity in the United States, such as the shortage of security professionals and the asymmetry in the domain between offense and defense. Mayorkas said that the DHS is always actively recruiting but also looking to find ways to shore up future workforces by integrating technological development and cybersecurity into the basic educational curriculum as early as possible.

In the meantime, he has high hopes for emerging generative AI and other AI technologies in helping to further improve defensive tactics and activities despite the fact that adversaries also have the same new capabilities at their disposal.

“I have great optimism about its utility in advancing our cyber defenses,” Mayorkas said. “We are going to harness the capability of AI to advance our mission proactively as well as to strengthen our defenses against the adversaries.”

All in all, Mayorkas’ insights help underscore that successful cybersecurity in the future will rely on having a more transparent, collaborative, and holistic agenda to strengthen defenses in pursuit of a safer, more secure world.

“Cybersecurity threats are only going to increase. I think they're going to increase in frequency and increase in gravity and sophistication,” he said. “We are coming up in 2024 to an election year. Adverse nation states are going to increase their cyber activity. At the same time, we're going to strengthen our cyber partnerships — public, private, and international.”

“The landscape is going to be a charged one,” Mayorkas said. “We all have to be vigilant, and we all have to work together.”