Last month the Department of Homeland Security (DHS) unveiled its new cybersecurity strategy. DHS characterizes the strategy as providing “the Department with a framework to execute our cybersecurity responsibilities during the next five years to keep pace with the evolving cyber risk landscape by reducing vulnerabilities and building resilience; countering malicious actors in cyberspace; responding to incidents; and making the cyber ecosystem more secure and resilient.”
In the strategy document, DHS cybersecurity goals for the next five years are succinctly stated:
- “Goal 1: Assess Evolving Cybersecurity Risks. We will understand the evolving national cybersecurity risk posture to inform and prioritize risk management activities.
- Goal 2: Protect Federal Government Information Systems. We will reduce vulnerabilities of federal agencies to ensure they achieve an adequate level of cybersecurity.
- Goal 3: Protect Critical Infrastructure. We will partner with key stakeholders to ensure that national cybersecurity risks are adequately managed.
- Goal 4: Prevent and Disrupt Criminal Use of Cyberspace. We will reduce cyber threats by countering transnational criminal organizations and sophisticated cyber criminals.
- Goal 5: Respond Effectively to Cyber Incidents. We will minimize consequences from potentially significant cyber incidents through coordinated community-wide response efforts.
- Goal 6: Strengthen the Security and Reliability of the Cyber Ecosystem. We will support policies and activities that enable improved global cybersecurity risk management.
- Goal 7: Improve Management of DHS Cybersecurity Activities. We will execute our departmental cybersecurity efforts in an integrated and prioritized way.”
Clearly, DHS has taken another step in fortifying its role as the lead civilian agency in the federal government for cybersecurity. DHS’s responsibility to protect against cyber threats has evolved significantly from the early days of the department and its creation under the Homeland Security Act of 2002.
The DHS mission, vision and strategic goals were crafted shortly after its legislative inception. Succinctly, the mission: “We will lead the unified national effort to secure America. We will prevent and deter terrorist attacks and protect against and respond to threats and hazards to the Nation. We will ensure safe and secure borders, welcome lawful immigrants and visitors, and promote the free flow of commerce.” The vision: “Preserving our freedoms, protecting America … we secure our homeland.” The strategic goals: “Awareness, Prevention, Protection, Response, Recovery, Service, Organizational Excellence.”
Fifteen years ago, CBRNE (Chemical, Biological, Radiological, Nuclear, and Explosives) threats were the top concern of the mission, vision and strategic goals. Cybersecurity was on the agenda and was a key focus along with interoperable communications. Because of the exponential growth of the internet of things, mobile devices, big data, and digital commerce, cybersecurity has grown immensely as a key priority, while DHS has assumed a more formal government role in the civilian cyber arena.
A predominant reason for the enhanced focus on cybersecurity has been the rapid changes in the information technology landscape. Since 2002, the capabilities and connectivity of cyber devices and communications have grown exponentially. So have the cyber intrusions and threats from malware and hackers, requiring restructuring of priorities and missions. The cyber threat reaches far beyond ISIS and al-Qaeda, and includes hacktivists, various organized criminal enterprises and adversarial nation-states.
In the past few years, a prime target of cyber intrusions has been the nation’s critical infrastructure, such as financial systems, chemical plants, water and electric utilities, hospitals, communication networks, commercial and critical manufacturing, pipelines, shipping, dams, bridges, highways and buildings. These incidents are not sector-specific and represent a challenge to preparation, budget and technical resources.
A change in these risk environments has corresponded with a heightened DHS collaboration with other agencies, and especially the private sector stakeholders who own most of the nation’s vital infrastructure. DHS has had to step up assessing situational awareness, information-sharing and resilience research and development plans with these stakeholders to mitigate risk and protect critical infrastructure and key resources.
In a recent speech at the 2018 Critical Infrastructure Summit, Secretary Kirstjen Nielsen also spoke to her cybersecurity priorities. Those priorities include addressing systemic risk and catastrophic risk through the collective defense model where government and industry work closer together, especially in the area of information sharing. Protecting the civilian federal cyber systems and strengthening the cybersecurity of the election infrastructure are also DHS critical cybersecurity priorities.
DHS’s integral role in cyber preparedness, response and resilience is now accepted by other federal agencies, including the leadership of the defense and intelligence agencies. Retired Gen. Keith Alexander, former commander of USCYBERCOM and former director of the National Security Agency (NSA), noted recently that it is appropriate to put DHS in “the middle” of the issue. DHS, as a civilian agency, should take a leading role in safeguarding the nation’s cybersecurity preparedness. The Department of Defense (DoD) retains responsibility for offensive cybersecurity capabilities, including cyber warfare.
There are multiple executive policy components that clarify DHS’s heightened role in the federal cybersecurity arena. The original enforcement authority in cybersecurity was spelled out under the Homeland Security Act (Section 2010) and reinforced by Homeland Security Presidential Directive 7 (HSPD-7), which stipulated that DHS “serve as a focal point for the security of cyberspace.”
Subsequently, President George W. Bush established the Comprehensive National Cybersecurity Initiative (CNCI), pursuant to HSPD-23/NSPD-54. The CNCI laid the foundation for setting goals to meet the full spectrum of cyber threats, and many of the current policies stem from that initiative.
In July 2010, the Office of Management and Budget (OMB) assigned DHS the primary responsibilities for overseeing the federal-wide information security program and evaluating its compliance with the Federal Information Security Management Act of 2002 (FISMA). DHS is responsible for overseeing the protection of the .gov domain and also for detecting and responding to malicious activities and potential threats. DHS is also charged with annually reviewing the cybersecurity programs of all federal departments and agencies. The federal interagency Quadrennial Homeland Security Review (QHSR), which recognizes that DHS missions are “enterprise-wide and not limited to the Department of Homeland Security,” provided affirmation of OMB’s declaration.
In 2010, DHS and DoD signed a landmark memorandum of agreement to protect against threats to critical civilian and military computer systems and networks. The DoD acknowledgement of DHS’s centrality in cybersecurity issues made a statement that the services would agree to DHS leadership and cooperate in spite of potential opposition from some in the intelligence community.
In October 2012, President Obama issued Executive Order 13618 (and later Executive Order 13636), corresponding to Presidential Policy Directive-21 (PPD-21), which further provides an approach to developing standards and enhancing information sharing with critical infrastructure owners and operators.
To better protect the federal cyberspace, DHS deployed an automated cyber surveillance system called EINSTEIN 2 that monitors federal Internet traffic for malicious intrusions and provides near real-time identification of malicious activity. Interagency committees are also being established to coordinate detection and protection efforts for federal infrastructure across more than 15 agencies.
In May 2017, President Trump issued an executive order on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” According to DHS, the executive order builds on DHS’s legal authorities, directing the department to assess and report on a number of key actions in order to secure federal networks. While each department or agency is responsible for the cybersecurity of its networks, DHS leads these efforts and ensures a baseline level of security across the civilian executive branch.
A report in response to the executive order listed five complementary goals that would improve the resilience of the ecosystem:
- Identify a clear pathway toward an adaptable, sustainable, and secure technology marketplace
- Promote innovation in the infrastructure for dynamic adaptation to evolving threats
- Promote innovation at the edge of the network to prevent, detect, and mitigate bad behavior
- Build coalitions between the security, infrastructure, and operational technology communities domestically and around the world
- Increase awareness and education across the ecosystem
The underlying theme of the most recent proclamations is that they encourage private/public sector collaboration and are voluntary in nature. Over a dozen legislative proposals are now being considered in Congress to delineate regulatory impact and liabilities under such collaboration. It is unclear when, or whether, such legislation will actually be enacted. In the meantime, existing presidential and OMB directives create the operating framework, and the private sector is being relied upon more as a strategic partner.
DHS has come a long way since 2002 and has elevated its technological and organizational capabilities in confronting security and terrorist threats. There has been great progress since the creation of DHS in many critical areas. This includes better security methods, detection technologies, and intelligence sharing in transportation security, particularly in aviation; better training, inter-jurisdictional coordination and secure and interoperable communications for first responders; new predictive analytics and technologies to combat pandemics and biological, chemical, and explosive threats; and the creation of enterprise cybersecurity monitoring, threat awareness and detection, and private/public partnering to protect critical infrastructures.
No longer on the back burner, cybersecurity is a major challenge to the nation’s economic and security welfare. It will require continued dedication, public/private sector cooperation and leadership for DHS to continually fulfill its growing leadership role.
The views expressed here are the writer’s and are not necessarily endorsed by Homeland Security Today, which welcomes a broad range of viewpoints in support of securing our homeland.