DHS Unveils 5 Pillar Strategy to Guide Cybersecurity Efforts (See them Here)

The DHS Cybersecurity Strategy sets out five pillars of a DHS-wide risk management approach and provides a framework for executing our cybersecurity responsibilities and leveraging the full range of the Department’s capabilities to improve the security and resilience of cyberspace.
The DHS Cybersecurity Strategy sets out five pillars of a DHS-wide risk management approach and provides a framework for executing our cybersecurity responsibilities and leveraging the full range of the Department’s capabilities to improve the security and resilience of cyberspace.

We depend upon cyberspace for daily conveniences, critical services, and economic prosperity. At the U.S. Department of Homeland Security (DHS), we believe that cyberspace can be made secure and resilient.

DHS works with key partners across the Federal government, State and local governments, industry, and the international community to identify and manage national cybersecurity risks.

DHS bannerThe DHS Cybersecurity Strategy sets out five pillars of a DHS-wide risk management approach and provides a framework for executing our cybersecurity responsibilities and leveraging the full range of the Department’s capabilities to improve the security and resilience of cyberspace.

Reducing our national cybersecurity risk requires an innovative approach that fully leverages our collective capabilities across the Department and the entire cybersecurity community.

DHS released the strategy outlining the Department’s approach to identifying and managing national cybersecurity risk on Tuesday, May 15th.

The DHS strategy details a Department-wide approach to address the evolving threats to our nation’s cyber and critical infrastructure security.

Directed by the National Defense Authorization Act of 2017, this strategy addresses strategic and operational goals and priorities to successfully execute the full range of the DHS Secretary’s cybersecurity responsibilities.

The intent is for this strategy to enable the harmonization and prioritization of DHS planning, programming, budgeting, and operational activities across all DHS cybersecurity mission areas.

It will focus on coordinating departmental cybersecurity activities to ensure a unity of effort.

Secretary of Homeland Security Kirstjen M. Nielsen
Secretary of Homeland Security Kirstjen M. Nielsen

“The cyber threat landscape is shifting in real-time, and we have reached a historic turning point,” said Secretary Nielsen.

“Digital security is now converging with personal and physical security, and it is clear that our cyber adversaries can now threaten the very fabric of our republic itself.”

“That is why DHS is rethinking its approach by adopting a more comprehensive cybersecurity strategy.”

“In an age of brand-name breaches, we must think beyond the defense of specific assets—and confront systemic risks that affect everyone from tech giants to homeowners.”

“Our strategy outlines how DHS will leverage its unique capabilities on the digital battlefield to defend American networks and get ahead of emerging cyber threats.”

As noted above, DHS’s strategy sets forth a five-part approach to manage national cyber risk aimed at ensuring the availability of critical national functions and fostering efficiency, innovation, trustworthy communication, and economic prosperity in ways consistent with our national values and that protect privacy and civil liberties.

Courtesy of DHS
Courtesy of DHS

Risk Identification:

  • Assess the evolving national cybersecurity risk posture to inform and prioritize risk management activities.

Vulnerability Reduction:

  • Protect federal government information systems by reducing the vulnerabilities of federal agencies to ensure they achieve an adequate level of cybersecurity.

Threat Reduction:

  • Reduce national cyber threats by countering transnational criminal organizations and sophisticated cyber criminals.

Consequence Mitigation:

  • Respond effectively to cyber incidents to thereby minimize consequences from potentially significant cyber incidents through coordinated community-wide response efforts.

Enable Cybersecurity Outcomes:

  • Strengthen the security and reliability of the cyber ecosystem by supporting policies and activities that enable improved global cybersecurity risk management and execute departmental cybersecurity efforts in an integrated and prioritized way.

The goals and objectives set forth in this strategy are designed to ensure that DHS maximizes its unique resources to accomplish impactful policy and operational outcomes.

A core guiding principle underlying the DHS strategy approach is collaboration across the cybersecurity community, including with our partners in the federal government, state and local governments, industry, and the international community.

By working closely with our partners, the Department believes that cyberspace can be made safe and secure enabling the functioning of government, the delivery of essential services, and the betterment of the lives of the American people.

(Point of Interest. Learn More. More than 143 million Americans are victims of an Equifax cyber breach; Catherine Herridge goes in-depth for ‘Special Report.’ Courtesy of Special Report, Fox News and YouTube. Posted on Sep 8, 2017)

DHS CYBERSECURITY STRATEGY IN ACTION

• In October 2017, DHS issued Binding Operational Directive 18-01, mandating that Federal agencies take specific steps to enhance email and web security, including the deployment of DMARC (Domain-based Message Authentication, Reporting and Conformance).

• During the 2017 WannaCry worldwide malware attack, the National Protection and Programs Directorate (NPPD) partnered with other agencies and industry to assist U.S. hospitals to ensure their systems were not vulnerable, and issued a public technical alert to assist defenders with defeating this malware.

• In January 2018, the U.S. Immigration and Customs Enforcement (ICE) Homeland Security Investigations (HSI) and the Department of Justice in Las Vegas indicted 36 individuals for their roles in the Infraud Organization, an internet-based criminal enterprise engaged in the large scale acquisition and sale of stolen credit card data and identity documents. This organization was responsible for the loss in excess of $530 million. The HSI investigation has led to the recovery of over 4.3 million compromised credit card account numbers.

• In July 2017, the United States Secret Service, through a synchronized international law enforcement operation, affected the arrest of a Russian national alleged to have operated BTC-e. From 2011 to 2017, BTC-e is alleged with facilitating over $4 billion worth of bitcoin transactions worldwide for cyber criminals engaging in computer hacking, identity theft, ransomware, public corruption, and narcotics distribution. Researchers estimate approximately 95% of ransomware payments were laundered through BTC-e.

• In October 2017, the U.S. Coast Guard (USCG) stood up the Office of Cyberspace Forces, to organize, man, train, and equip the USCG cyberspace operational workforce and develop cyberspace operational policy to operate, maintain, defend, and secure USCG systems and networks, enable USCG operations through cyberspace capabilities, and protect the Maritime Transportation System from cyber threats.

To view the entire strategy, please go to https://www.dhs.gov/sites/default/files/publications/DHS-Cybersecurity-Strategy_1.pdf

Learn more on the strategy here.

(Cyber theft rings, hackers, and data breaches are just a few of the real-time internet threats that, if left unchecked, could derail our way of life and compromise national security. These threats change in number and sophistication daily. That is why the Department of Homeland Security (DHS) is recruiting dynamic and cutting edge professionals to protect the nation’s cyberspace. Courtesy of the U.S. Department of Homeland Security and YouTube)

Learn More at http://www.dhs.gov/cybercareers.