Department of Homeland Security Under Secretary Chris Krebs, head of the agency’s National Protection and Programs Directorate (NPPD), has named Bob Kolasky to serve as director of the newly-established National Risk Management Center (NRMC), a DHS official confirmed to MeriTalk today.
Kolasky currently serves as the acting assistant secretary of Infrastructure Protection at NPPD and was previously the deputy assistant secretary of Infrastructure Protection. “Bob is uniquely qualified to lead this significant undertaking and I am confident he is ready for the challenge,” Krebs said. “Bob will stand up a planning team and begin his transition to lead the Center.”
News of Kolasky’s appointment comes from an August 2 memo sent from Krebs to his colleagues at NPPD. A DHS official confirmed to MeriTalk the authenticity of the memo, obtained by Inside Cybersecurity. In the memo, Krebs discusses staffing for the new center, and how it will function in concert with other DHS cyber and critical infrastructure offices.
Krebs said NRMC will initially be comprised of NPPD’s Office of Cyber and Infrastructure Analysis (OCIA), with additional resources from the Office of Infrastructure Protection and Office of Cybersecurity and Communications (CS&C).
Activities at the latter two offices, Krebs said, will be evaluated internally, as they “may be better aligned to the mission” of NRMC. “In the event an ongoing or new activity is identified, we will establish project teams coordinated within the center so staff are able to work collaboratively to develop and execute risk management strategies,” he said.
Krebs called the new center an elevation of OCIA’s mission, which promotes a “higher order understanding of risk, criticality, and how to increase resilience.”
Krebs further explained the impetus for NRMC, referencing a need for “tighter collaborations across industry and government,” and to “enhance efforts to understand holistic risk conditions across our nation’s infrastructure” and “transcend the traditional sector definitions.” Upon NRMC’s announcement, leaders in government and major critical infrastructure sectors hailed the new center as a way to pool collective expertise.
Krebs also clarified NRMC’s relationship with two existing NPPD Centers: The National Cybersecurity and Communications Integration Center (NCCIC) and National Infrastructure Coordinating Center (NICC).
Those aren’t going away. Krebs said DHS will “continue to integrate the watch and warning functions of NCCIC and NICC” within a larger NRMC goal of “operationalizing risk management” and “the Secretary’s authorities to lead and coordinate national critical infrastructure protection efforts alongside our government and industry partners.”
“The NCCIC will continue to be our eyes and ears for cyber and the NICC for physical threats. The National Risk Management Center will be the engine for how we understand and the platform by which we’ll collectively defend our infrastructure,” he said.
Krebs also hailed NPPD-wide efforts “to move into the role Congress has defined” for it as the authority in protecting the nation’s critical infrastructure. But NPPD is still waiting on Congress to act further–to rename the organization–through currently-stagnant proposed legislation that was recently touted by Vice President Mike Pence.
To fill the leadership role vacated by Kolasky, Krebs also announced he has named Steve Harris to serve as acting principal deputy assistant secretary for the Office of Infrastructure Protection.