DHS Aims to Improve Cybersecurity and Survivability
Domestic cybersecurity has some new potential vulnerabilities to defend, according to the Department of Homeland Security’s (DHS’s) 2018 Cybersecurity Strategy. In addition to conventional concerns such as the water and power grids and the financial sector, the burgeoning number of Internet-connected devices and the global supply chain have emerged as areas that must be protected against a growing threat from a variety of adversaries.
The report states that more than 20 billion devices are expected to be connected to the Internet by 2020, and this explosion of connectivity among different technologies will introduce substantial risks. The broad vulnerability surface is complicated by wide availability of low-cost, increasingly capable cyber tools that are being wielded by more diverse and numerous adversaries.
Stating, “More than ever, cybersecurity is a matter of homeland security and one of the core missions of the U.S. Department of Homeland Security,” the strategy sets a five-year framework for cyber defense. It calls for “more effective cyber risk management … to make the cyber ecosystem more fundamentally secure and resilient.” The five-year effort strives to keep pace with the evolving cyber risk by reducing vulnerabilities and building resilience, according to the strategy. Other supporting goals include countering malicious cyberspace actors and responding to incidents.
As described in the strategy, the cyber ecosystem encompasses “the interconnected network of information technology infrastructure we call cyberspace” as well as the conditions that influence the network. The department must support efforts to develop high-leverage technical, operational and policy innovations to secure this ecosystem, the report states. Operators of commercial off-the-shelf products or systems lack the capability to manage supply chain risks, and the globalization of that information technology supply chain—along with moving information to the cloud—is increasing vulnerability points and risks that must be addressed.
The DHS strategy lists five cybersecurity pillars comprising seven goals. The first pillar, risk identification, emphasizes assessing evolving cybersecurity risks to inform and prioritize risk management activities. The second pillar, vulnerability reduction, includes the two similar goals of protecting federal government information systems and safeguarding the critical infrastructure. On the federal side, the DHS will strive to reduce federal agency vulnerabilities. Protecting the infrastructure will require the department to “partner with key stakeholders to ensure that national cybersecurity risks are adequately managed.”
The third pillar is threat reduction, and it aims to prevent and disrupt criminal use of cyberspace. Targets will include transnational criminal organizations and sophisticated cyber criminals. The fourth pillar, consequence mitigation, focuses on the goal of responding effectively to cyber incidents. Coordinated community-wide responses will help minimize consequences from cyber incidents.
The fifth pillar is to enable cybersecurity outcomes. One of its two goals is strengthening the security and reliability of the cyber ecosystem through improved global cybersecurity risk management. The second goal in this pillar is to improve management of DHS cybersecurity activities, with a focus on integration and prioritizing.
Among other key points, the DHS calls for creating performance metrics to measure the effectiveness of new and existing cybersecurity capabilities, tools and services in the federal realm. The strategy notes the “critical shortage of cybersecurity talent globally” for both the public and private sectors, and it states that the DHS must expand cybersecurity personnel recruitment, training and retention programs. It also aims at “denying access to, and imposing costs on, those who try to use cyberspace for illicit purposes.”
Law enforcement will be key as the cyber threat extends beyond well-known breaches of sensitive or personal information. Financial fraud, money laundering, intellectual property and technology theft, selling of illicit goods and child exploitation all are growth areas for cyber criminals. The DHS strategy calls for adding the department’s specialized skills and capabilities to target and disrupt financial and trans-border cyber crimes. This will require closer collaboration with federal, state, local and international law enforcement organizations.
Throughout the strategy, the DHS emphasizes the need to work collaboratively with partners in cybersecurity—both federal and nonfederal partners such as industry. This is especially vital in the critical infrastructure, where this partnership must include “promoting the development and adoption of best practices and international standards … .” This would include providing risk assessments and advancing cybersecurity risk management efforts. The department would work to develop tools and services in concert with targeted outreach to critical infrastructure owners and operators, and it would encourage adoption of the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity.