Top priorities for DHS’ National Protection & Programs Directorate


In this special two-part interview, NPPD Under Secretary Christopher Krebs joins the program to discuss the Department of Homeland Security’s new risk management center and his agency’s potential name change.

At last month’s Department of Homeland Security cybersecurity summit in New York, the agency unveiled plans for a new risk management center, to be administered by the National Protection and Programs Directorate. NPPD Under Secretary Christopher Krebs says that the new center is where infrastructure stakeholders can direct their security focus.


“The National Risk Management Center is an effort to bring cybersecurity and infrastructure security efforts to the forefront. To stitch together across the federal agencies, whether it’s the Department of Treasury, the Department of Energy, the intelligence community to a single point of focus,” said Krebs. “It’s not about incident response today, it’s not about steady state 24/7. We have other operation centers for that. The National Risk Management Center is about looking forward. What are the most [pressing] issues facing our critical infrastructure community?”


In an interview with Government Matters’ Colby Hochmuth, Krebs said that the timeline for establishing the center is clear and well-delineated.


“Come August 1, we set a number of 90-day sprints that will kind of manifest on November 1. Some of those actions were internal, like ‘What does our charter look like for the risk management center? What is our governance process for working with industry? How can industry put their requirements into the center?’” said Krebs. “When I think about my authorities at DHS, they’re almost exclusively voluntary. So, what I need to be able to do is understand what industry needs, what the demand signal is, and I can take that demand signal and craft a series of programs that satisfy an industry need.”


NPPD could be getting a name change soon. Pending congressional legislation would rename the directorate to the Cybersecurity and Infrastructure Security Agency. Since its introduction, the act has garnered bipartisan support. Krebs believes that a name change is necessary, not only for recognition, but also for recruiting.


“What we are trying to establish at the topline is… put a name on the door that tells stakeholders what we do,” said Krebs. “I need to be able to communicate, right out the gate. When I have that first meeting or have that phone call that says let’s work together, I’m not spending the first five minutes explaining what my name is.”