Many people think of the word “infrastructure” and automatically think of a bridge or a road and then push it out of their minds and go about their daily life. But the reality is that our daily lives and the services we rely on are built upon a foundation of critical infrastructure that ranges from the power and water in our homes, to the banks and financial services we use and the transportation networks we travel. Critical infrastructure is what keeps our stores open, emergency services at the ready, and commerce flowing.
While we often take critical infrastructure for granted, it faces a number of constant and evolving threats, including severe weather, terrorism, and cyber attacks. Enhancing the security and resilience of the nation’s critical infrastructure requires a concerted national effort, which is why President Obama has again designated November as Critical Infrastructure Security and Resilience Month. This is a nationwide effort, led by DHS, to raise awareness and reaffirm our commitment to keeping the Nation’s critical infrastructure secure and resilient.
It’s no coincidence that Critical Infrastructure Security and Resilience Month comes on the heels of National Cybersecurity Awareness Month, as much of the nation’s physical infrastructure is intertwined with cyber networks and systems. Safeguarding both the physical and cyber aspects of critical infrastructure is a national priority that requires cooperation at all levels of government and private industry. Managing risks to critical infrastructure involves preparing for all hazards, reinforcing the resilience of our assets and networks, and remaining vigilant and informed. This is a mission to which DHS is committed.
Whether it’s an individual or family thinking about how they prepare for a disruption of critical infrastructure, or a business or industry that needs to take steps to ensure the services they provide are resilient to disruptions, November is a time to remember how much we rely on our nation’s critical infrastructure and ensure that we are as robust as possible.
We all need to play a role in keeping infrastructure strong, secure, and resilient. We can do our part at home, at work, and in our communities by familiarizing ourselves with emergency plans, preparing for disruptions, incorporating basic cyber safety practices, and making sure that if we see something, we say something and report suspicious activities to the appropriate law enforcement.
I encourage you to join us in recognizing the importance of the critical infrastructure that underpins our society and to do your part to help keep it secure and resilient.
To learn more, visit www.dhs.gov/critical-infrastructure-security-and-resilience-month.
Dr. Huban Gowadia delivers remarks at the University of Tennessee.
Last week, I had the honor of speaking to faculty and students at the University of Tennessee’s Institute for Nuclear Security, a key university partner of the U.S. Department of Homeland Security’s Domestic Nuclear Detection Office (DNDO). At DNDO, we are focused on preventing nuclear terrorism, and academia is critical in helping to build enhanced nuclear detection and forensics capabilities and developing the next generation of nuclear scientists that will help us make nuclear terrorism a prohibitively difficult undertaking.
At the lecture, I was joined by faculty and students from interdisciplinary backgrounds. I challenged students to begin thinking about the technical problems we face and to seek solutions with real world applications such as how we can improve enhanced wide area search capabilities; how we can ensure that detection equipment is both effective and affordable; and how we can best advance our already substantial capabilities in nuclear forensics to support rapid attribution of nuclear events. During the lively lecture, we discussed academia’s contributions to the development of enhanced capabilities to prevent nuclear terrorism.
In particular, the University of Tennessee is actively engaged in two of DNDO’s grant programs – the Academic Research Initiative and National Nuclear Forensics Expertise Development Program.
The Academic Research Initiative invests in multi-year, leading-edge research at academic institutions in order to advance our detection and forensics capabilities. At the University of Tennessee, DNDO has funded research on improved detection of shielded highly-enriched uranium, and two projects to improve detector resolution while reducing the overall manufacturing costs.
The National Nuclear Forensics Expertise Development Program is the U.S. Government’s comprehensive effort to grow and sustain the uniquely qualified technical expertise required to execute the Nation’s nuclear forensics mission. The University of Tennessee is one of 23 participating universities in the program, which supports over 300 undergraduate to post-doctoral students and faculty in nuclear and geochemical science specialties relevant to nuclear forensics. In fact, one University of Tennessee student is currently a graduate fellow in the program. Since the program’s inception, 21 new Ph.D. scientists have been added to the workforce.
DNDO remains committed to advancing our Nation’s nuclear detection and forensics capabilities and supporting a sustained nuclear expertise pipeline by leveraging the expertise of academic institutions like the University of Tennessee.
To learn more about opportunities involving the Academic Research Initiative, please visit http://www.dhs.gov/academic-research-initiative.
Information on student programs under the National Nuclear Forensics Expertise Development Program is available for the following programs:
One of the Department of Homeland Security’s priorities in cybersecurity is supporting small and medium-sized businesses. Like their larger counterparts, small and medium businesses frequently house sensitive personal data, and proprietary and financial information. And they are increasingly becoming targets for cyber criminals who recognize that smaller businesses may be easier to penetrate as they may lack the institutional knowledge and resources that larger companies have to protect their information.
DHS and our federal partners have dedicated significant resources to helping small and medium businesses improve their cybersecurity. Earlier this year, we put out a request for information to help us assist small and medium businesses adopt the NIST Cybersecurity Framework, a set of voluntary standards, guidelines, and practices. The Framework and the Department’s C3 Voluntary Program are designed to move cybersecurity from an afterthought in the IT budget of many businesses to an investment in risk mitigation based on potential consequences. Cybersecurity should be a discussion in every boardroom, independent of company size. By working together with the private sector, we can drive markets and innovation through economies of scale to deliver the best cybersecurity to all of our companies and citizens.
We have also worked with the Federal Communications Commission and others to develop a Small Biz Cyber Planner, a tool for businesses to create custom cybersecurity plans. The planner includes information on cyber insurance, advanced spyware, and how to install protective software. In addition, the Cybersecurity for Small Business training course, offered by the U.S. Small Business Administration, covers the basics of cybersecurity and information security, including the kind of information that needs to be protected, common cyber threats, and cybersecurity best practices.
The private sector provides various tools and resources for small and medium business owners as well. Internet Essentials for Business 2.0 is a guide for business owners, managers, and employees developed by the U.S. Chamber of Commerce. The guide focuses on identifying common online risks, best practices for securing networks and information, and what to do when a cyber incident occurs. The DHS Stop.Think.Connect.TM campaign recently added the National Association of Women Business Owners (NAWBO) as a partner to help us raise awareness amongst business owners about the importance of cybersecurity.
Every company is at risk. We must all budget and plan for the ability to keep operations running while we recover from an attack or attack attempt. The cyber adversaries are everywhere, and they prey on the uninformed and the complacent. If you are a business owner, we encourage you to take a few simple steps to improve your company’s cybersecurity. These include:
- Use and regularly update anti-virus and anti-spyware software on all computers; automate patch deployments across your organization to protect against vulnerabilities.
- Secure your Internet connection by using a firewall, encrypting information and hiding your Wi-Fi network.
- Establish security practices and policies to protect sensitive information; educate employees about cyber threats and how to protect your organization’s data and hold them accountable to the Internet security policies and procedures.
- Require that employees use strong passwords and regularly change them.
- Invest in data loss prevention software for your network and use encryption technologies to protect data in transit.
- Protect all pages on your public-facing websites, not just the checkout and sign-up pages.
- Consider cybersecurity as part of your overall corporate risk, and govern cybersecurity with a policy that comes from the Boardroom – and is part of your culture.
- Think about new and innovative ways to enhance cybersecurity and drive your business while you protect it.
For more information on National Cyber Security Awareness Month, visit www.dhs.gov/national-cyber-security-awareness-month-2014.
I am pleased to present the Privacy Office’s 2014 Annual Report to Congress, highlighting our achievements during the past year, from July 2013 to June 2014.
Earlier this year, the Privacy Office celebrated a decade of excellence marked by significant accomplishments, including:
- DHS’s Privacy Impact Assessment Official Guidance has become a model for other agencies and foreign countries.
- Publishing a directive on the Department’s operational use of social media, setting the standard for how other agencies embrace this technology.
At the beginning of its second decade, the Privacy Office spearheaded a briefing of the DHS Data Framework Project for the White House’s Big Data and Privacy Study, Big Data: Seizing Opportunities, Preserving Value, and contributed significantly to a chapter on the DHS Data Framework, illustrating how federal agencies can use technology to protect privacy.
We know that technology and innovation will continue to drive the development of new processes, ideas, and programs that help keep our nation safe. DHS must continue to adapt and respond thoughtfully with new policies and protections, with greater speed and efficiency.
In order to stay ahead of these challenges, the Department, especially the Privacy Office, must remain focused on the following priorities:
- Renewing our emphasis on being responsible stewards for the personal data of citizens and non-citizens alike;
- Critically assessing new systems and programs while working collaboratively with the operators and system designers to develop robust privacy protections;
- Expanding our service as a consultative organization that identifies, explores, and develops best practices for privacy and transparency;
- Continuing to mature and strengthen the privacy enterprise by setting and raising the bar for transparency;
- Increasing our engagement with the privacy community; and
- Modernizing privacy protections in some of DHS’s legacy IT systems.
Our work is never done. We will continue to ensure that DHS remains committed to protecting the privacy of all individuals, and to providing the highest level of transparency and accountability.
It is my hope and expectation that in the course of decades to come, the Privacy Office and the Department as a whole will be even more widely celebrated in its efforts to preserve our values as well as we protect the homeland.
Learn more about the Privacy Office.
We all are increasingly reliant on the Internet. Not just when we’re on a laptop or smart phone. The underlying critical infrastructure that provides essential services to all of us also is becoming more dependent on the internet. While these cyber-dependent networks and devices offer greater convenience and efficiency, they also come with potential risks and threats to our security.
DHS recognizes that these emerging cyber threats require the engagement of our entire society – from government to the private sector and members of the public. Pursuant to the President’s Executive Order 13636: Improving Critical Infrastructure Cybersecurity, the National Institute for Standards and Technology developed and released a Cybersecurity Framework, a collection of cybersecurity standards available to critical infrastructure owners and operators and governments. To help entities implement the Framework, DHS launched the C3 Voluntary Program. This public-private partnership assists businesses of all sizes, and at all levels, from the board room to the IT department and everyone in between, as well as government, educational institutions, and households all across the country, to become more secure online.
Consumers play an important role in helping to secure critical infrastructure not only by practicing good cyber hygiene themselves, but also by becoming well-informed about whether the companies and organizations they do business with adhere to high cybersecurity standards.
On an individual basis, consumers can:
- Beware of requests to update or confirm personal information online. Most organizations do not ask for personal information over email.
- Make sure websites that ask for personal information (e.g., to pay a utility bill) use encryption to secure their sites.
- Learn about steps to enhance security and resilience in local businesses and communities.
By working together, we can protect the critical infrastructure on which we all we rely, keeping ourselves, our families, and our communities safer and more secure from threats both physical and cyber.
Visit www.dhs.gov/national-cyber-security-awareness-month-2014 for more information about National Cyber Security Awareness Month.
I was extremely proud to join with my colleagues today from across the Department of Homeland Security, including the Federal Emergency Management Agency (FEMA), as we engage many of our friends in the 2014 Public Private Partnerships Conference. We are meeting with a wide range of public and private sector partners, such as the United States Northern Command and the U.S. Chamber of Commerce, to discuss the significant ways we have worked together and how we plan on building on our successes to create a stronger, more resilient, Nation.
The 2014 “Building Resilience through Public-Private Partnerships” conference is a forum that allows for the sharing of ideas, best practices and lessons learned with our partners throughout academia, government, the private sector, and internationally. This year’s conference includes key speeches from Secretary of Homeland Security Jeh Johnson, FEMA Administrator Craig Fugate, U.S. Chamber of Commerce Foundation Executive Vice-President Al Martinez-Fonts Jr., and CEO of the Weather Channel David Kenny.
The discussions over the course of the day and a half, and the relationships that will be forged and strengthened, will go a long way toward ensuring safe, secure and resilient communities where our way of life can thrive.
Over the years, as we’ve faced many challenges from natural disaster or from others who look to harm our Nation, we have found that challenges are best met and handled through partnerships across Federal, state and local governments, the private sector, and non-profit and faith-based organizations.
The 2014 conference is highlighting successful partnerships across the homeland security enterprise and identifies ways to ensure a true unity of effort toward shared goals. Each year, the conference attracts over 450 participants who look to promote innovation in furthering ongoing partnerships across the enterprise. Just a few of the topics of discussion this year include: “The Evolving Threat Environment,” “Bridging the Cyber-Physical Connection,” “Public-Private Partnerships in Action,” and “Business Continuity and Corporate Philanthropy: Why Resilience is Good for the Corporate Will.”
For additional information, visit the 2014 Building Resilience through Public-Private Partnerships Conference page and remember to follow us on Twitter at: #PPPConf
Information technology (IT) exists in almost all of the products that we use. IT products help us run our homes, businesses, and cities and help us to stay in touch with loved ones around the world. As we embrace new technologies, we must acknowledge the security challenges and potential threats that inadvertently accompany them. An entire industry has been developed to help secure these products, including anti-virus software and malware detectors, security services firms, and offices dedicated to protecting information technology.
As software becomes more complex, discovering vulnerabilities within these systems also becomes more difficult. For example, the recent Heartbleed vulnerability existed within popular encryption software for two years before it was discovered.
Not every household or company is able to ‘employ’ cyber professionals to ensure that their IT products are secure. Therefore, during National Cyber Security Awareness Month, we are looking at the importance of securely developing IT products to decrease the number of vulnerabilities in software as it is built. This involves following a software development lifecycle and adding security features, like encrypting information and requiring strong passwords. Building software so that it is secure from the beginning helps us all.
Government and industry groups must work together in this endeavor, setting and maintaining high cybersecurity standards across all critical infrastructure industries. In this spirit, the Department of Homeland Security (DHS) developed the Software Assurance Program, which seeks to reduce software vulnerabilities, minimize exploitation, and address ways to improve the routine development and deployment of trustworthy software products. Through a public-private partnership, the Software Assurance Program is designed to spearhead the development of practical guidance and tools and to promote research and development investment in cybersecurity.
Regardless of how secure our IT products are, everyone has a role to play in protecting our cybersecurity. Individual users can and should take a few steps to improve their cybersecurity. For instance, when purchasing software or hardware, consumers should:
- Install and maintain vendor-distributed patches or updates
- Ensure they are using the latest operating systems on their computers and mobile devices
- Use strong passwords
To learn more about software and applications, visit the US-CERT tips and advice page.
Secure IT products also do not excuse people from practicing unsafe online behavior. I encourage everyone to stop and think about the choices they make when online, and to connect with care and caution. For general online safety tips and resources, visit the Stop.Think.Connect.™ campaign resource guide.
I also encourage people to consider a career in cybersecurity. The country is in need of a strong cybersecurity workforce to help build the secure IT products of the future. Learn more about cyber careers at www.dhs.gov/join-dhs-cybersecurity.
To learn more about National Cyber Security Awareness Month 2014, visit www.dhs.gov/national-cyber-security-awareness-month-2014.
This week marks the start of National Cyber Security Awareness Month 2014, a time to reflect on our cybersecurity practices and promote greater online safety for all Americans. Thanks to technology, the world is more interconnected than ever before. Through the Internet, people across the globe can connect to each other and conduct more of their business and personal activities online. People can bank exclusively online, stay in touch with family and friends, control their homes and cars from their smartphones, and work remotely from almost anywhere. But with the convenience of the Internet also comes potential threats to our personal information and security.
Being online exposes us to cyber criminals and others who commit identity theft, fraud, and harassment. Every time we connect to the Internet – at home, at school, at work, or on our mobile devices – we make decisions that affect our cybersecurity. Emerging cyber threats require engagement from the entire American community to create a safer cyber environment—from government and law enforcement to the private sector and, most importantly, members of the public.
National Cyber Security Awareness Month is designed to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cybersecurity and increasing the resiliency of the nation in the event of a cyber incident. Throughout this month, DHS and its partners will host numerous events across the country and distribute of resources and materials to the public. Year-round, we also engage the public through the Stop.Think.Connect.™ campaign to encourage Americans to practice safe online behavior.
Organizations can support National Cyber Security Awareness Month by hosting an event in their community or distributing cybersecurity tips and resources such as the Stop.Think.Connect.™ toolkit.
With a few simple steps, all Internet users can improve their cyber hygiene during October and throughout the year. These include:
- Set strong passwords and don’t share them with anyone.
- Keep your operating system, browser, and other critical software optimized by installing updates.
- Maintain an open dialogue with your family, friends, and community about Internet safety.
- Limit the amount of personal information you post online and use privacy settings to avoid sharing information widely.
- Be cautious about what you receive or read online—if it sounds too good to be true, it probably is.
Stay tuned for news and events throughout National Cyber Security Awareness Month. For more information, visit http://www.dhs.gov/national-cyber-security-awareness-month-2014.
Posted by: Mike Kangior, Senior Director of Resilience Policy & Matt Fuchs, Deputy Director of Resilience Policy
Yesterday, the Department of Homeland Security (DHS) recognized the nation’s first recipients of Resilience STARTM designations during a ceremony hosted by the Insurance Institute for Business & Home Safety (IBHS). The Resilience STARTM Home Pilot Project is part of the Department’s continuing effort to work with our state, local, and private sector partners to ensure our local communities are resilient in the face of all disasters.
Yesterday’s ceremony recognized homeowners who have met the goals of the DHS Resilience STARTM Pilot Project, which promotes home design features that are both affordable and proven to enhance resilience to disasters such as hurricanes. Earlier this year, DHS began soliciting applications from builders, homeowners, and third-party evaluators to participate in the Pilot Project. Several hurricane-prone coastal communities in Alabama and Mississippi were chosen for the projects, and the pilot homes were built or retrofitted, and evaluated by independent third parties to ensure that homes meet IBHS standards for structural resilience.
The Resilience STARTM designation is given to homes that are built or retrofitted to withstand damage from specific natural disasters, utilizing the standards and third-party verification process in the IBHS FORTIFIED HomeTM program. The FORTIFIED standards are designed to improve the quality of residential construction and feature practical, meaningful solutions for new and existing homes throughout the United States.
Through initiatives like the Resilience STARTM Home Pilot Project, we can continue to increase the readiness and resilience of our communities. In the coming months, it is anticipated that DHS will launch additional pilot projects.
For more information on the Resilience STAR™ Home Pilot Project, visit https://www.disastersafety.org/resilience-star/.
Posted by Megan H. Mack, Officer for Civil Rights and Civil Liberties
Being able to communicate efficiently and effectively is critical to the Department of Homeland Security’s diverse missions. Today, I am pleased to announce the release of draft Language Access Plans from the Department’s component agencies, which address the language needs of persons with limited English proficiency.
These Language Access Plans, developed pursuant to Executive Order 13166, Improving Access to Services for Persons with Limited English Proficiency and the DHS Language Access Plan issued in February 2012, provide a framework for the Department’s components and offices to improve our delivery of language services for diverse communities across the country.
The Department is now seeking the public’s input to ensure that we are providing meaningful access to our programs and activities for our stakeholders, including persons with limited English proficiency and the organizations that represent them. Your input will assist us in continuing to develop approaches to ensure meaningful access by persons with limited English proficiency that is “practical and effective, fiscally responsible, responsive to the particular circumstances of [DHS], and can be readily implemented.”
The following components and offices have draft plans available for your comments: Federal Emergency Management Agency, Transportation Security Administration, U.S. Citizenship and Immigration Services; U.S. Coast Guard, U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, U.S. Secret Service, Office of Civil Rights and Civil Liberties Office of Inspector General; National Protection and Programs Directorate, Federal Protective Services, and the Office of the Citizenship and Immigration Services Ombudsman.
DHS welcomes your feedback from now through October 31, 2014, by providing written comment or through participating in stakeholder engagement meetings. The Office of Civil Rights and Civil Liberties, together with representatives from across the Department and the federal government, will review your comments and work to implement your suggestions in the final version of the plans.
We are proud of the work the Department has done to address the critical language needs of our country’s diverse landscape. The Office of Civil Rights and Civil Liberties will continue to support the Department’s goal to ensure that all individuals can meaningfully participate in DHS programs and activities through language access.
To learn more about the draft DHS Language Access Plans and to find opportunities to provide input at one of the stakeholder meetings, please contact email@example.com. CRCL has access to interpreters and translators and can communicate with you in any language, for those who do not speak or write in English.