DHS has become the epicenter for government cybersecurity
The Department of Homeland Security (DHS) has become the lead agency in the federal government for cyber security. DHS’s responsibility to protect against cyber threats has evolved significantly from the early days of the Department and its creation under the Homeland Security Act of 2002.
DHS’s integral role in cyber preparedness, response and resilience is now accepted by other federal agencies, including the leadership of the defense and intelligence agencies. General Keith Alexander, Commander of USCYBERCOM and Director of the National Security Agency (NSA), noted recently that it is appropriate to put DHS in “the middle” of the issue. DHS, as a civilian agency, should take a leading role in safeguarding the nation’s cybersecurity preparedness. The Department of Defense (DOD) retains responsibility for offensive cybersecurity capabilities, including cyber warfare.
Retiring DHS Secretary Janet Napolitano affirmed in one of her last speeches that cyberspace is fundamentally a civilian space -- and a civilian benefit -- that employs partnerships with the private sector. She recommended that DHS continue to build up the nation’s cybersecurity posture and warned that “our country will, at some point, face a major cyber-event that will have a serious effect on our lives, our economy, and the everyday functioning of our society.”
The secretary’s comments are insightful on how emerging threats have changed since DHS’s inception. An early focus of DHS was on developing technologies and policies to address weapons of mass destruction (WMD), including bio-terrorism, chemical and radiation/nuclear. Also, threat detection capabilities for transportation (particularly aviation) and interoperable communications capabilities for first responders were key problems at hand. Combatting those threats remains a critical priority, but addressing cyber threats has become a growing focus for policy makers.
A major reason for this new focus on cybersecurity has been the rapid changes in the information technology landscape. Since 2002, the capabilities and connectivity of cyber devices and communications have grown exponentially. So have the cyber intrusions and threats from malware and hackers, requiring restructuring of priorities and missions. The cyber threat reaches far beyond Al Qaeda, and includes various criminal enterprises and adversarial nation states.
In the past few years, a prime target of cyber intrusions has been the nation’s critical infrastructure, such as financial systems, chemical plants, water and electric utilities, hospitals, communication networks, commercial and critical manufacturing, pipelines, shipping, dams, bridges, highways and buildings. According to DHS Acting Deputy Secretary Rand Beers, in 2012 there were approximately 190,000 cyber incidents involving federal agencies, critical infrastructure and industry partners -- an increase of 68 percent from 2011. These incidents are not sector-specific and represent a challenge to preparation, budget and technical resources.
A change in these risk environments has corresponded with a heightened DHS collaboration with other agencies, and especially the private sector stakeholders who own most of the nation’s vital infrastructure. DHS has had to step up assessing situational awareness, information sharing and resilience research and development plans with these stakeholders to mitigate risk and protect critical infrastructure and key resources.
There are multiple executive policy components that clarify DHS’s heightened role in the federal cybersecurity arena. The original enforcement authority in cybersecurity was spelled out under the Homeland Security Act (Section 2010) and reinforced by Homeland Security Presidential Directive 7 (HSPD-7), which stipulated that DHS “serve as a focal point for the security of cyberspace…”
Subsequently, President George W. Bush established the Comprehensive National Cybersecurity Initiative (CNCI), pursuant to HSPD-23/NSPD-54. The CNCI laid the foundation for setting goals to meet the full spectrum of cyber threats, and many of the current policies stem from that initiative.
In July 2010, the Office of Management and Budget (OMB) assigned DHS the primary responsibilities for overseeing the federal-wide information security program and evaluating its compliance with the Federal Information Security Management Act of 2002 (FISMA). DHS is responsible for overseeing the protection of the .gov domain and also for detecting and responding to malicious activities and potential threats. DHS is also charged with annually reviewing the cyber security programs of all federal departments and agencies. The federal interagency Quadrennial Homeland Security Review (QHSR), which recognizes that DHS missions are “enterprise-wide and not limited to the Department of Homeland Security,” provided affirmation of OMB’s declaration.
In 2010, DHS and DOD signed a landmark memorandum of agreement to protect against threats to critical civilian and military computer systems and networks. The DOD acknowledgement of DHS’s centrality in cybersecurity issues made a statement that the services would agree to DHS leadership and cooperate in spite of potential opposition from some in the intelligence community.
In October 2012, President Obama issued Executive Order 13618 (and later Executive Order 13636), corresponding to Presidential Policy Directive-21 (PPD-21), which further provides an approach to developing standards and enhancing information sharing with critical infrastructure owners and operators. The Executive Order is aimed at identifying vulnerabilities, ensuring security and integrating resilience in the public/private cyber ecosystem. It has three major areas of focus: (1) Increase information sharing with the private sector, including classified cyber threat data; (2) Create a voluntary framework based on industry best practices to improve the cybersecurity of critical infrastructure providers; and (3) Protect privacy and civil liberties throughout the sharing and framework. DHS has created eight working groups to implement the Executive Order.
To better protect the federal cyber space, DHS has deployed an automated cyber surveillance system called EINSTEIN 2 that monitors federal Internet traffic for malicious intrusions and provides near real-time identification of malicious activity. Interagency committees are also being established to coordinate detection and protection efforts to federal infrastructure across more than 15 agencies.
The underlying theme of the latest proclamations is that they encourage private/public sector collaboration and are voluntary in nature. Over a dozen legislative proposals are now being considered in Congress to delineate regulatory impact and liabilities under such collaboration. It is unclear when, or whether, such legislation will actually be enacted. In the meantime, existing presidential and OMB directives create the operating framework, and the private sector is being relied upon more as a strategic partner.
DHS’s National Cybersecurity and Communications Integration Center (NCCIC) is the primary point of contact to deliver situational awareness and coordinate national protection, prevention, mitigation and recovery from cyber incidents. It works closely with private sector businesses and organizations. Within the NCCIC is the United States Computer Emergency Readiness Team (US-CERT), which provides response support and defense to actionable security alerts.
It is clear that the private sector has more experience, training and expertise in cybersecurity than the government, although the lack of cyber talent is an urgent problem for both sectors. The selection of Phyllis Schneck, a vice president from the cybersecurity firm McAfee, as the next deputy under secretary of cybersecurity at DHS may signal that the government/industry partnership will continue to be strengthened, including research and development (R&D). The White House is also encouraging new incentives for the private sector for information sharing, including the sharing of classified information. The National Institute for Standards and Technology (NIST), in cooperation with DHS, is developing standards for the voluntary cyber framework. Regulatory compliance and liability issues are still a point of contention with industry and have to be worked out for cooperation to be most fruitful.
DHS has come a long way since 2002 and has elevated its technological and organizational capabilities in confronting security and terrorist threats. Cybersecurity is a major challenge to the nation’s economic and security welfare. It will require continued dedication, cooperation and leadership for DHS to successfully fulfill its growing leadership role.
Charles (Chuck) Brooks serves as vice president/client executive for DHS at Xerox. He has served as the first director of legislative affairs for the DHS science and technology directorate, where he was responsible for advocacy for the directorate on Capitol Hill. Brooks has been an adjunct faculty member at Johns Hopkins University, and has previously spent six years on Capitol Hill as a senior advisor to the late Senator Arlen Specter. He also served as President of Brooks Consulting International, leveraging extensive experience in executive management, government relations and R&D in the public and private sectors. He can be reached at: