On May 16, 2018 the Department of Homeland Security released a new strategy to provide the Department with a framework to execute their cybersecurity responsibilities during the next five years. This approach is designed to help them keep pace with the evolving cyber risk landscape by:
- Reducing vulnerabilities and building resilience
- Countering malicious actors in cyberspace
- Responding to incidents
- And making the cyber ecosystem more secure and resilient
This slideshow highlights the key priorities, objectives and goals outlined in the U.S. Department of Homeland Security Cybersecurity Strategy.
By 2023, the Department of Homeland Security will have improved national cybersecurity risk management by increasing security and resilience across government networks and critical infrastructure; decreasing illicit cyber activity; improving responses to cyber incidents; and fostering a more secure and reliable cyber ecosystem through a unified departmental approach, strong leadership, and close partnership with other federal and nonfederal entities.
PILLAR I – RISK IDENTIFICATION
The Department of Homeland Security must understand the global cybersecurity landscape and associated risks at the strategic level to effectively allocate our resources and prioritize departmental efforts to address vulnerabilities, threats, and consequences across all of our cybersecurity activities.
PILLAR II – VULNERABILITY REDUCTION
The Department of Homeland Security works to reduce organizational and systemic vulnerabilities across the federal enterprise, including our own networks, as well as other nationally critical systems and assets. Through technical capabilities, cybersecurity information, and other assistance, we empower our stakeholders to better manage their cybersecurity risks.
PILLAR III – THREAT REDUCTION
The Department of Homeland Security law enforcement agencies investigate and reduce threats from cyber criminals. In partnership with other law enforcement agencies, DHS must prevent cyber crime and disrupt criminals and criminal organizations who use cyberspace to carry out their illicit activities and leverage identified threat activity and trends to inform national risk management efforts.
PILLAR IV – CONSEQUENCE MITIGATION
The Department of Homeland Security must limit the impact of potentially significant cyber incidents by leveraging our unique emergency management expertise and insights from network protection and law enforcement efforts.
PILLAR V – ENABLE CYBERSECURITY OUTCOMES
The Department of Homeland Security must enable improved cybersecurity risk management outcomes by supporting policy and operational efforts that make the entire cyber ecosystem more secure and reliable. These efforts help shift the advantage away from malicious cyber actors toward those protecting cyberspace. DHS must similarly look internally to align our efforts to maximize cybersecurity outcomes.
To drive the objectives outlined throughout the 5 Pillars, DHS has set the following 7 Goals:
- Assess Evolving Cybersecurity Risks. DHS will understand the evolving national cybersecurity risk posture to inform and prioritize risk management activities.
- Protect Federal Government Information Systems. DHS will reduce vulnerabilities of federal agencies to ensure they achieve an adequate level of cybersecurity.
- Protect Critical Infrastructure. DHS will partner with key stakeholders to ensure that national cybersecurity risks are adequately managed.
- Prevent and Disrupt Criminal Use of Cyberspace. DHS will reduce cyber threats by countering transnational criminal organizations and sophisticated cyber criminals.
- Respond Effectively to Cyber Incidents. DHS will minimize consequences from potentially significant cyber incidents through coordinated community-wide response efforts.
- Strengthen the Security and Reliability of the Cyber Ecosystem. DHS will support policies and activities that enable improved global cybersecurity risk management.
- Improve Management of DHS Cybersecurity Activities. DHS will execute our departmental cybersecurity efforts in an integrated and prioritized way.
The Department of Homeland Security will advance their mission and accomplish their cybersecurity goals by aligning departmental activities according to the following guiding principles:
- Risk prioritization. The foremost responsibility of DHS is to safeguard the American people and we must prioritize our efforts to focus on systemic risks and the greatest cybersecurity threats and vulnerabilities faced by the American people and our homeland.
- Cost-effectiveness. Cyberspace is highly complex and DHS efforts to increase cybersecurity must be continuously evaluated and reprioritized to ensure the best results for investments made.
- Innovation and agility. Cyberspace is an evolving domain with emergent risks. Although the proliferation of technology leads to new risks, it also provides an opportunity for innovation. DHS must lead by example in researching, developing, adapting, and employing cutting-edge cybersecurity capabilities and remain agile in its efforts to keep up with evolving threats and technologies.
- Collaboration. The growth and development of the Internet has been primarily driven by the private sector and the security of cyberspace is an inherently cross-cutting challenge. To accomplish our cybersecurity goals, we must work in a collaborative manner across our Components and with other federal and nonfederal partners.
- Global approach. Robust international engagement and collaboration is required to accomplish our national cybersecurity goals. DHS must engage internationally to manage global cyber risks, respond to worldwide incidents, and disrupt growing transnational cyber threats as well as encourage other nations and foreign entities to adopt the policies necessary to create an open, interoperable, secure, and reliable Internet.
- Balanced equities. Cyberspace empowers people and enables prosperity worldwide. Cybersecurity is not an end unto itself, and efforts to mitigate cybersecurity risks must also support international commerce, strengthen international security, and foster free expression and innovation.
- National values. DHS must uphold privacy, civil rights, and civil liberties in accordance with applicable law and policy. The Department empowers our cybersecurity programs to succeed by integrating privacy protections from the outset and employing a layered approach to privacy and civil liberties oversight.
To learn more about the Department of Homeland Security's cybersecurity approach, join us this October at the 2018 Homeland Security Week.