After a nine-year gap, the Department of Homeland Security released a new Quadrennial Homeland Security Review that reflects “an increasingly dynamic and complex environment” spanning a range of threats and stresses the need to both harness emerging innovation to better fulfill the department’s core missions and defend against technology’s potential risks.
“The review demonstrates a strategic and comprehensive view of interconnected threats that span our cyber systems, economic supply chains, and emerging technologies,” former Homeland Security Secretary Michael Chertoff, a Homeland Security Today Editorial Board member, told HSToday. “At the same time, it also focuses on the individual human scale effects of human trafficking and exploitation. This document reflects the maturation of the department and the experience of its leadership.”
The Quadrennial Homeland Security Review has not been released as an updated document every four years as intended. By law, a three-year-long review process culminates in the QHSR being finalized and submitted to Congress. In 2010 — the year of the Times Square bombing attempt and cargo bombs intercepted en route from Yemen to the United States — the first QHSR sought to define homeland security within five mission areas. The second QHSR, released in 2014, focused more on partnerships with state, local, tribal and territorial governments, the private sector, and nongovernmental organizations.
The first mission outlined in the 2023 QHSR is countering terrorism and preventing threats, including collecting, analyzing, and sharing actionable intelligence and information; preventing and disrupting terrorist and nation-state threats; protecting leaders and designated individuals, facilities, and events; and identifying and countering emerging chemical, biological, radiological, and nuclear threats.
“Domestic violent extremists (DVEs) — individuals who are based and operating primarily within the United States seeking to further political goals or address perceived grievances through unlawful acts of force or violence, without direction or inspiration from a foreign terrorist group or other foreign power — represent one of the most persistent and lethal threats facing our nation,” the QHSR states, emphasizing the importance of information sharing and intelligence to prevent domestic terrorist recruitment and mobilization to violence and disrupt and deter domestic terrorism activity.
The second mission is secure and managing air, land, and maritime borders while expediting lawful trade and travel and countering transnational criminal organizations and other illicit actors. DHS strategy to confront these challenges includes “surging resources, increasing efficiency to reduce strain on the border, administering consequences for unlawful entry, bolstering the capacity of NGOs and working with state and local partners, targeting and disrupting networks of cartels and smugglers, and working with our regional partners to deter irregular migration.” The third mission, addressing the nation’s immigration system, focuses on administration and enforcement.
Securing cyberspace and critical infrastructure is the fourth mission in the QHSR, including supporting the cybersecurity of federal civilian networks, strengthening the security and resilience of critical infrastructure, assessing and countering evolving cyber and emerging technology risks, and combating cybercrime.
Former Cybersecurity and Infrastructure Security Agency Senior Advisor Katherine Ledesma told HSToday that she was glad to see “continued commitment and dedicated discussion” in this area. “As we as a nation grow more digitally interconnected, so do the systems that underpin our most critical services,” she said. “Even more now than when the last QHSR was released in 2014, we understand that cyber attacks have real-world, physical consequences and adversaries are targeting human life and critical services in addition to data and networks.”
“With its emphasis on protecting the critical infrastructure, including manufacturing and transportation, the new QHSR makes it clear that this mission is about protecting and defending operational technology, or OT, and industrial control systems, as well as information technology,” Ledesma continued. “This is a distinction we weren’t talking about broadly as a community in 2014, but one requiring both attention and investment from government and industry alike. The specialized computers and networks that interact with the physical environment, such as a control system that opens up a circuit breaker on an electric substation, are what makes critical infrastructure critical.”
The fifth mission outlined in the QHSR is building a resilient nation and coordinating federal response to incidents, strengthening national resilience, supporting equitable community recovery, and enhancing training and readiness of first responders.
“I applaud the Department of Homeland Security and Secretary Mayorkas for the release of the 2023 Quadrennial Homeland Security Review (QHSR) as it assesses the threats of today and tomorrow as well as the DHS priorities,” former Federal Emergency Management Administrator Pete Gaynor told HSToday. “As a former FEMA Administrator, of particular interest to me is the acknowledgement of the tremendous FEMA workforce and all they have done to ‘help people, before, during and after disasters’ in a wide range of traditional and non-traditional mission sets.”
“Additionally, the QHSR recognizes that our world continues to grow in complexity and interconnected events,” Gaynor, an HSToday Editorial Board member, said. “I hope this recognition fuels congressional support of FEMA’s operational budget, the need for increased staffing, and simplification of current regulations and laws which directly impact the FEMA mission.”
And this QHSR adds a sixth mission for DHS, as Chertoff noted: combating crimes of exploitation and protecting victims. This includes enhancing prevention of crimes such as human trafficking and child sex exploitation through public education and training; identifying, protecting, and supporting victims; and detecting, apprehending, and disrupting perpetrators.
“The Department should be commended for the 2023 QHSR,” Bob Kolasky, who led the Cybersecurity and Infrastructure Security Agency’s National Risk Management Center as one of CISA’s assistant directors, told HSToday. “Hopefully, it is a sign of a renewed commitment to strategic thinking and regularly updating the DHS and homeland security enterprise strategy.”
Homeland Security Secretary Alejandro Mayorkas coordinated his State of Homeland Security address with the launch of the new QHSR, telling the Council on Foreign Relations on Friday that the department is “confronting a dramatically changed environment compared to the one we faced in March 2003,” underscoring that “our homeland security has converged with our broader national security.”
Mayorkas announced a 90-day “sprint” at DHS to assess how the threats posed by China will evolve “and how we can be best positioned to guard against future manifestations of this threat,” particularly critical infrastructure threats and how to better intercept “illicit travelers from the PRC who exploit our lawful immigration and travel systems to collect intelligence, steal intellectual property, and harass dissidents, while still we must facilitate lawful travel.”
Vowing that DHS “will lead in the responsible use of AI to secure the homeland and in defending against the malicious use of this transformational technology” and ensuring that “our use of AI is rigorously tested to avoid bias and disparate impact, and is clearly explainable to the people we serve,” Mayorkas also announced the creation of the department’s first Artificial Intelligence Task Force to “drive specific applications of AI to advance our critical homeland security missions” including supply chain security and detecting fentanyl smuggling.
“I read the QHSR as a realization that the nature of the threat and risk environment has significantly changed since 2014, and that’s absolutely correct,” said Kolasky, an HSToday Editorial Board member. “Homeland security is now as much about securing the homeland against emerging and evolving risks as it is about protection and disaster response. Reframing the department’s approach to address systemic challenges as well as acute ones is an imperative.”
“This makes some well-worn homeland security concepts such as unity of effort, whole of community partnerships, technology modernization and resilience more important than ever, and the test of the QHSR’s success is whether it can drive DHS to continue to update approaches in those areas to meet the challenges identified,” Kolasky added.
The QHSR includes a section on enabling mission success by strengthening the enterprise through “mature organizational governance,” championing the workforce, and harnessing data and technology to advance mission delivery.
“DHS is fully leveraging digitization and automation to reduce the amount of time our employees spend on manual, repetitive tasks and increase the time they spent on their critical homeland security missions,” the QHSR states. “Saving agent and officer time processing cases gets our frontline workforce back into the field executing their security mission instead of completing paperwork that can be automated.”
Recognizing the need for the department to “focus on developing and deploying new technologies and capabilities to execute our missions efficiently and effectively” while acknowledging the need to “be alert to the ways in which threat actors could leverage such technologies and develop the necessary policies and means to mitigate those risks,” the strategy says that over the next four years “DHS will scout, invest, and collaborate to fulfill our missions and must develop new approaches to engagement that meet the pace of business and technological change.” That includes increasing engagement with industry, interagency, international, and non-traditional partners as well as supporting and incentivizing innovation.
Recognizing how critical it is to build a strong, mission-ready workforce, the QHSR notes that the Cybersecurity Talent Management System launched in 2021 “has processed over 5,000 applicants across a wide range of experience levels for an initial cohort of positions in both CISA and the Office of the Chief Information Officer.” DHS will also “undertake a comprehensive review of hiring across the Department to identify trouble spots and implement Department-wide efficiencies based on DHS’s mission requirements and lessons learned from the Office of Personnel Management.”
The document also stresses the importance of data management and security, and the department’s intention “to leverage technology to enhance our preparedness and resiliency, improve the interoperability of our operations, and better share information with the homeland security enterprise.”
Ledesma said she was “encouraged to see the continued focus on partnerships in general throughout the new QHSR, specifically public private partnerships, such as the Joint Cyber Defense Collaborative, or JCDC.”
“The QHSR describes ’empowered’ partnerships and I believe this means partnerships that leverage the skills and talent in the private sector to complement those in DHS and other agencies,” she said. “When leveraged together, this will help us move more quickly toward coordinated, collective defense of our nation’s critical infrastructure.”
