President Biden has made cybersecurity a top priority for the Biden-Harris Administration at all levels of government. The Department of Homeland Security (DHS) plays a lead role in strengthening the nation’s cyber resilience, but cybersecurity is not limited by boundaries, borders, and jurisdictions. Protecting against cyber threats at home also requires collaborating with partners abroad and DHS agencies and offices also play a critical role in enhancing cybersecurity efforts worldwide.
DHS Office of Strategy, Policy, and Plans (PLCY)
PLCY leads international cybersecurity engagement and negotiations for the Department and develops holistic policy in support of DHS’s international cybersecurity priorities. In addition to supporting the Secretary and Deputy Secretary’s ministerial engagements, PLCY routinely engages in a range of bilateral and multilateral venue on cybersecurity, cyber crime, and related technology issues.
DHS has played a central role in U.S. Government international cyber diplomatic efforts over the past decade, including efforts to develop norms of responsible state behavior in cyberspace and to deter malicious cyber activity, and supporting high-level U.S. dialogues with foreign nations. Through attachés in over 60 locations, DHS engages with host governments and embassy staff on a range of issues and provides reach back to cybersecurity policy and operational experts across the Department.
PLCY represents DHS in key initiatives of the Biden-Harris Administration such as the U.S.-EU Ransomware Working Group and U.S.-Republic of Korea Ransomware Working Group. PLCY representatives serve as co-Chair of the Organization of Economic Cooperation and Development (OECD) Working Party on Security in the Digital Economy and represent the U.S. Government in the High-Level Risk Forum.
Cybersecurity and Infrastructure Security Agency (CISA)
CISA works with international partners to build U.S. capacity – and strengthen global capacity – to defend against malicious cyber incidents and enhance the security and resilience of critical infrastructure. The agency’s first international strategy, CISA Global, released in 2021, focuses on advancing operational cooperation; building international partner capacity; strengthening collaboration through stakeholder engagement and outreach; and shaping the global policy ecosystem to strengthen cyber and infrastructure security.
Working in concert with like-minded partners, CISA shares best practices, engages in information exchanges, issues joint products for global distribution, manages and participates in exercises, and offers training on critical issues such as securing industrial control systems (ICS). CISA regularly releases joint advisories reflecting the international nature of many cyber threats. For example, CISA’s 2021 Trends Show Increased Globalized Threat of Ransomware was released in coordination with the FBI, NSA, and Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK).
CISA regularly engages with the global community of Computer Security Incident Response Teams (CSIRT) as the national CSIRT of the U.S. Government, sometimes colloquially referred to as the national Computer Emergency Readiness or Response Team (CERT). Through the CERT channels, CISA shares actionable information on emerging and systemic global cybersecurity threats. CISA also works through multilateral forums to advance cyber and infrastructure security – including through technical working groups and the Forum of Incident Response and Security Teams (FIRST), and through regional organizations.
U.S. Coast Guard
The Coast Guard leads the protection of the marine transportation system against cyber threats in the U.S. government. Through its international port security program, the Coast Guard offers training and capacity building, technical cooperation, and port security assessments to improve overall port security and resilience. To synchronize cybersecurity best practices and increase interoperability among key stakeholders in the Marine Transportation System, the Coast Guard advances multilateral discussions and international engagements with military, regulatory, public sector organizations, and private sector companies.
The Coast Guard is a founding partner of the Global Marine Transportation System Cybersecurity Initiative. Launched in 2019 with support from the White House and first hosted by the Netherlands, the symposium has since expanded to include over 20 international partners. The Coast Guard seeks to enhance collaboration among public sector, private sector, and our international partners, including discussions and presentations from non-government organizations (NGOs), academia, private sector maritime shipping, US ports, and private sector cybersecurity companies. The Coast Guard is a member of the International Maritime Organization and has contributed to its efforts toward incorporating cybersecurity in required vessel Safety Management Systems. The Coast Guard monitors foreign ships’ cybersecurity compliance through its Port State Control program at ports across the country.
Transportation Security Administration (TSA)
TSA promotes the cyber security and resilience of the global transportation system, including through technical cooperation, engagement with aviation and surface transportation international partners, and implementation of aviation security agreements and arrangements. For example, TSA participates with Canadian partners in the Energy Utility Sector Network and the Canadian Standards Association, as well as the International Union of Railways, and International Working Group Land Transport Security on cybersecurity issues. TSA also collaborates with the International Civil Aviation Organization (ICAO) to further the development of international cybersecurity technical standards.
TSA administers its Foreign Airport Assessment Program (FAAP) at last point of departure airports to identify, analyze, and mitigate aviation security risk. The FAAP utilizes ICAO Standards and Recommended Practices. Through the FAAP, TSA ensures that each country with service to the United States identifies, and has measures to protect critical information, communications technology systems, and data used for civil aviation purposes against unlawful interference.
U.S. Secret Service (USSS)
USSS partners with the global law enforcement community to combat transnational cyber-enabled financial crime and operates 20 international attaché offices and Cyber Fraud Task Forces, in 18 countries on 6 continents. USSS participates in bilateral and multinational investigative operations to apprehend transnational cyber criminals through mutual legal assistance treaties and partnerships. USSS and international law enforcement partners share information on known cyber threats and criminal techniques for the purposes of mitigating the impact of cyber-enabled crimes.
USSS is the first U.S. law enforcement agency to have permanent representation at Europol with an attaché assigned to the Joint Cybercrime Action Taskforce at Europol’s European Cyber Crime Center. USSS has been expanding its presence around the globe, including in the Indo-Pacific ranging from Australia to Thailand. USSS is a participating member of multiple other multinational law enforcement efforts to combat cyber-enabled crimes.
These transnational partnerships have led to successful investigative operations and significant criminal arrests such as the 2021 multinational operation with Dutch Police and Europol partnering to arrest multiple individuals responsible for ransomware attacks affecting over 1,800 victims in 71 countries. Secret Service investigations prevent over $2 billion in cyber financial loses every year.
USSS conducts partner capacity building by training foreign partners in digital forensics, network intrusion response, cyber-enabled financial crime investigations, and cryptocurrency tracing. This training is provided at the individual country level and through the U.S. Department of State International Law Enforcement Academies. Since 2019, the USSS has provided 41 cyber-related investigative courses to 961 foreign professionals from 83 countries.
U.S. Immigration and Customs Enforcement (ICE) – Homeland Security Investigations (HSI)
Through its 86 international attaché and DOD liaison offices across 55 countries and 6 continents, HSI executes its mission to investigate transnational cybercrime. HSI also conducts international cybersecurity training, including use of online undercover platforms, dark web, child exploitation investigations, mobile phone data extraction, cyber-enabled financial crime investigations, and cryptocurrency tracing, and digital forensics for first responders. HSI leads Transnational Criminal Investigative Units (TCIUs), which investigate cybercrime, in addition to other types of crime. For example, HSI-New York working collaboratively with TCIUs in other countries contributed to the Department of Justice’s largest financial seizure ever over $3.6 billion in cryptocurrency linked to the 2016 hack of Bitfinex, a virtual currency exchange.
HSI focuses specifically on countering child exploitation and is a founding member and U.S. representative of the Virtual Global Task Force and a Chair on the INTERPOL Specialists Working Group (ISWG) on Crimes Against Children. HSI also participates in the Victim Identification Task Force (VIDTF), Global Covert Internet Investigators Working Group, the International Child Sexual Exploitation (ICSE) Database Next Generation Working Group, the Combatting Child Exploitation Network (CCEN), as well as other international initiatives.
Science and Technology Directorate (S&T)
S&T conducts research, development, test, and evaluation (RDT&E) for the transition of advanced cybersecurity technologies to DHS agencies. As part of this mission, S&T executes international treaties and agreements with partners on RDT&E programs that span the DHS cybersecurity and emerging technology mission spaces. S&T’s global network of partners build scientific capacity and accelerate solutions development, strengthening the Department’s capabilities, readiness, and resilience in the cyber domain.
U.S. Customs and Border Protection (CBP)
CBP administers the Customs Trade Partnership Against Terrorism (CTPAT), which currently has over 11,000 participants representing a broad cross-section of the global trade community. CTPAT participants are required to meet certain cybersecurity requirements set by CBP. Through CTPAT, CBP works collaboratively with partners to strengthen international supply chains and improve U.S. border security.