DHS is mindful that one of its missions is to ensure that privacy, confidentiality, civil rights and civil liberties are not diminished by the Department’s security initiatives. Accordingly, the Department has implemented strong privacy and civil rights and civil liberties standards into all its cybersecurity programs and initiatives from the outset. In order to protect privacy while safeguarding and securing cyberspace, DHS institutes layered privacy responsibilities throughout the Department, embeds fair information practice principles into cybersecurity programs and privacy compliance efforts, and fosters collaboration with cybersecurity partners.
On February 12, 2013, President Obama signed an Executive Order on Improving Critical Infrastructure Cybersecurity. The Executive Order clears the way for more efficient sharing of cyber threat information between government and the private sector, while directing federal departments and agencies to incorporate robust privacy and civil liberty protections into all of their cybersecurity activities. The Executive Order’s privacy protections are based upon the widely-accepted Fair Information Practice Principles, and other applicable privacy and civil liberties frameworks and polices. The Administration has a strong commitment to privacy in cyberspace, including last year unveiling a “Privacy Bill of Rights” based on the Fair Information Practice Principles to protect consumers online.
There are eight Fair Information Practice Principles that serve as the framework for integrating privacy protections into everything we do:
- Individual Participation
- Purpose Specification
- Data Minimization
- Use Limitation
- Data Quality and Integrity
- Accountability and Auditing
Using these principles, DHS ensures privacy is an integral part of its operations, starting from a program’s early development and continuing through its implementation.
DHS is committed to protecting privacy, civil rights, and civil liberties. Successfully implementing the Executive Order and protecting the nation’s cyber and physical infrastructure will require the Department to be transparent. As part of this commitment to transparency, DHS posts its privacy impact assessments and privacy compliance reviews online. The Executive Order also requires regular assessments, and public reporting, of privacy and civil liberties impacts across the federal government.
The President’s actions mark an important milestone in the Department’s ongoing efforts to coordinate the national response to significant cyber incidents while enhancing the efficiency and effectiveness of our work to strengthen the security and resilience of critical infrastructure. In developing the Executive Order, the Administration sought input from stakeholders of all viewpoints in industry, government, and the advocacy community. Their input has been vital in crafting an order that incorporates the best ideas and lessons learned from public and private sector efforts while ensuring that our information sharing incorporates rigorous protections for individual privacy, confidentiality, and civil liberties. Indeed, as we perform all of our cyber-related work, we look forward to engaging all of our stakeholders to achieve cybersecurity together.
Posted by David V. Aguilar, Deputy Commissioner, U.S. Customs and Border Protection
During the month of March, and throughout 2013, we are commemorating the tenth anniversary of the Department of Homeland Security. In recognition of this important milestone, leaders from across the Department and its component agencies will be discussing their beginnings, their present operations, and what’s to come.
I recently sat down to answer a few questions on U.S. Customs and Border Protection (CBP), looking back at its history, and ahead to its future. CBP joins with our colleagues across the DHS enterprise in marking a decade of unprecedented achievement in serving our Nation and the American people.
How did CBP operate when it was created in 2003, and what were some of the challenges that the new agency faced?
Ten years ago, men and women from four different agencies, united by the threat of imminent terrorism, came together to create the world’s first comprehensive border enforcement and facilitation agency. CBP became responsible for protecting our country from all threats, with antiterrorism being our top priority. At the time, the stakes were high and roadmaps were nonexistent, but we came together as an agency built on pride, relentless effort and strength of character.
How does CBP operate today, and what have been some important milestones?
Today, the 60,000 men and women of CBP secure more than 8,000 miles of land and coastal borders as we supplement and strengthen DHS’ multilayered approach to security. Through the unprecedented deployments of personnel, technology, infrastructure, and other resources, DHS has strengthened security across all U.S. borders while facilitating international travel and trade. We screen cargo and passengers at more than 400 air, land and sea port locations. We protect U.S. agricultural resources by preventing the introduction of disease or pests from overseas. We have established important partnerships with government, military, private industry and our citizens to enhance security and efficiency of processes. And we protect and insure our country’s economic prosperity and competitiveness.
On a typical day, CBP:
- Processes nearly a million passengers entering the country;
- Inspects 66,000 truck rail and sea containers;
- Seizes nearly 6 tons of illicit drugs;
- And apprehends more than a thousand individuals for violations or outstanding criminal warrants.
What do you see as the future of CBP, and of the larger DHS?
In the ten years since the creation of this agency, I am proud to say that the men and women of CBP have risen to every challenge and have built a strong foundation for administering the world’s most secure and efficient borders. Looking ahead, we will continue working to make our processes efficient and effective. Our guiding principle is that security and facilitation are interrelated, complementary responsibilities that must be mutually supportive.
Our borders are more secure today than ever before, and that is a testament to the diligence of the men and women of CBP who work on the front lines to keep us safe.., and the U.S. will continue to be true to its ideals by continuing to be a welcoming and safe nation.
Yesterday, DHS’ Domestic Nuclear Detection Office (DNDO) and U.S. Coast Guard Sector New York coordinated with law enforcement and other first responders from New York and New Jersey, to deploy nuclear detection equipment and personnel on the local waterways in the New York City-Newark metropolitan area. The purpose of this deployment was to screen vessels for potential illicit radiological and nuclear materials, train detection boat crews, as well as to test equipment and detection capabilities, as part of DNDO’s Securing the Cities (STC) Program.
State, local and tribal law enforcement and first responders are important partners in strengthening the Global Nuclear Detection Architecture (GNDA). The STC program is designed to enhance the nation’s ability to detect and prevent a radiological or nuclear attack in cities facing the highest risk.
As part of the STC program, the New York City-Newark region conducts close to 50 such maritime deployments annually, which enables first responders to test and enhance their capabilities to detect and interdict radiological and nuclear material outside of regulatory control.
This operation provided an opportunity for DNDO to observe and take away many best practices and lessons learned, to further develop and strengthen the GNDA. We are committed to working together with our regional partners to conduct training and exercises to further enhance law enforcement and first responder organizations’ efforts to identify, prevent and respond to potential nuclear or radiological threats.
Posted by Bobbie Stempfley, Acting Assistant Secretary for Cybersecurity and Communications
It’s that time of the year again when many Americans prepare to file their tax returns. With risk of tax-related identity theft, the Internal Revenue Service (IRS) is taking a wide variety of steps to combat identity theft and refund fraud, protect taxpayers and assist victims of identity theft. There are also steps taxpayers can take to protect themselves.
When it comes to your taxes, identity theft often starts outside of the tax administration system. Cyber criminals are constantly on the prowl for Social Security Numbers and other personal information they can exploit for fraudulent purposes. Identity thieves may use a taxpayer’s identity to fraudulently file a tax return and claim a refund. The legitimate taxpayer may be unaware that anything has happened until they file their return later in the filing season, and it is discovered that two returns have been filed using the same Social Security Number.
When you file your taxes this year, follow these tips from the IRS and Department of Homeland Security’s Stop.Think.Connect. campaign to help safeguard your personal information:
- Don’t give out your personal information unless it is a trusted entity. The IRS does not initiate contact with taxpayers by email, text messages, or social media to request personal or financial information.
- Look out for phony messages purporting to be from the IRS and don’t fall victim to tax scams. Exercise caution when opening suspicious email attachments and do not click on unsolicited Web links in email messages. Pay special attention to offers that sound too good to be true such as “guaranteed refunds.” Scammers who are trying to gain access to financial information may use the IRS name or logo in email messages and sites in order to steal identities and assets. Ensure you have typed www.IRS.gov into your Web browser to be certain you have the authentic IRS site.
- Report phishing attempts. All unsolicited emails claiming to be from either the IRS or any other IRS-related components such as the Office of Professional Responsibility or Electronic Federal Tax Payment System (EFTPS) should be reported to email@example.com. See www.IRS.gov/phishing for details.
- Back up your data and store your electronic tax files securely. Last year, nearly 100 million taxpayers opted for the safest, fastest and easiest way to submit their individual tax returns — IRS e-file. While preparing your tax return for electronic filing, make sure to use a strong password to protect the data file. Once your return has been e-filed, burn the file to a CD, DVD or flash drive and remove the personal information from your hard drive. Store the portable device in a secure place, such as a lock box or safe. If you are working with an accountant, ask them what measures they take to protect your information.
- Check privacy policies. Be careful with the information you share online. To learn how to identify a secure website, visit the Federal Trade Commission.
To ensure cybersecurity for our entire society, each of us must play our part. It only takes a single infected computer to potentially infect thousands and perhaps millions of others. Everyone should make basic cybersecurity practices as reflexive as putting on a seatbelt. These basic measures can improve both our individual and our collective safety online.
As part of the effort to recognize the DHS ten year anniversary, I recently sat down with my colleagues to discuss some of the recent milestones at FEMA and the agency’s priorities moving forward. Some of the examples we talk about are from recent events, including Hurricane Sandy. This is the second in a two-part series, and you can read more questions and answers in Part One.
The team at FEMA has taken some big, forward steps in the last few years that have changed outcomes for those impacted by disasters, but we must continue to improve if FEMA and DHS are going to meet future threats. With that, here are some of the questions and my responses:
Q: How does building capacity on a national level translate to the planning that happens in emergency management or to the response efforts after a disaster?
Shifting the mindset towards scenarios of national consequence goes hand-in-hand with our focus on planning for those threats that are bigger than what we can already do.
You can’t change the disaster based on what your capabilities to respond are, so we’ve put an emphasis on threats of national significance. These are events (like a terrorist attack with an improvised nuclear device, earthquakes, or multiple hurricanes) that would not only overwhelm the resources of a state, but multiple states. Planning and executing at this level requires creative problem solving – it doesn’t allow you to simply scale up your programs and assistance effectively based on how you used to do it.
The response to Hurricane Sandy was one example. Before Sandy struck, FEMA had existing plans for how to set up disaster recovery centers (DRCs), places where those impacted by the storm can register for assistance and discuss assistance options with staff from FEMA and the state. We found that our current way of getting out assistance was not scalable for a population-dense area like New York and New Jersey – so now we’re redesigning that process (and our disaster recovery centers) from the ground up. We’re looking at how we can get assistance to a large number of people with sparse communication as quickly as possible, while minimizing the number of times those individuals need to contact FEMA.
We sent FEMA staff with internet-capable tablets out into the hardest hit areas. We brought the registration process and “the DRC” to disaster survivors – registering them for assistance at FEMA’s mobile webpage on tablets while talking through various assistance options at the federal, state, and local levels.
Those kinds of changes show the progress FEMA has made over the last several years. It’s getting away from the trap of designing small systems that work in environments we’re comfortable with and shifting the focus towards preparing for national threats and building capabilities that can respond to events that have a national consequence.
And speaking of Hurricane Sandy, it’s worth noting the role the DHS Surge Capacity Workforce played in FEMA’s response. By calling on several thousand employees from other DHS components, we were able to fill out our response effort at the federal level. It’s about more than just the sheer number of staff that came with the surge. When I say “fill out”, the DHS surge allowed FEMA to add capabilities, which is always more important than just adding numbers to the role. FEMA will definitely utilize the DHS surge in future large-scale disasters because of the benefits we saw after Hurricane Sandy.
Q: What are a few of your priorities moving forward?
Moving ahead, we need to do more to reduce the nation’s overall cost and vulnerability to disasters. Just preparing, responding, and rebuilding isn’t going to do it, there needs to be a focus on resiliency. We can’t continue to afford the losses of disasters and go through the painful rebuilding and recovery process.
Part of the solution is effectively transferring risk. The federal government, and thus, taxpayers nationwide, shouldn’t be taking on financial risk at a greater rate for those communities that face the consistent threat of a disaster or emergency of national consequence. The benefits that taxpayers receive (through taxes, jobs, economic stimulus, etc.) should be directly proportional to the risk they are bearing.
Better management of how and where we build, smarter building codes, and land use management are a few things that can reduce the risk of disasters having a high impact, which is a start. But we may need to look at mitigation differently.
As an example, one term that’s frequently used in risk management is the “100-year event”, or an event that has a one percent chance of occurring in any given year. These are supposed to be rare occurrences, but how many of these “100 year events” have we had in the last few years alone? Does that term still accurately capture what the vulnerabilities are, or should a new standard be used?
We should be planning and looking at risk not just for the 100-year events, but also adapting to the changing circumstances around that risk. There’s a lot of debate about climate change, but I’m more concerned with climate adaptation and ensuring we are adapting at a greater rate than our exposure to risk is increasing.
And there are certainly improvements that FEMA can make as an organization. Continuing to focus on affecting change at the national level, while still keeping a focus on positive outcomes for individuals and families impacted by disasters – that’s what I’m going to keep pushing for.
As part of the effort to recognize the DHS ten year anniversary, I recently sat down with my colleagues to discuss some of the recent milestones at FEMA and the agency’s priorities moving forward. Some of the examples we talk about are from recent events, including Hurricane Sandy.
The team at FEMA has taken some big, forward steps in the last few years that have changed outcomes for those impacted by disasters, but we must continue to improve if FEMA and DHS are going to meet future threats. With that, here are some of the questions and my responses:
Q: How has FEMA changed in the last few years? What are a few of the milestones that mark those changes?
The biggest change is shifting focus first and foremost on the threats we face as a nation, not on a jurisdiction-by-jurisdiction basis.
The national Urban Search and Rescue teams are one example. These are the best of the best. They are the most capable and best equipped search and rescue units in the country – some of these teams went to Haiti after the 2010 earthquake. But these teams can be expensive. Traditionally, they were seen as a resource for their local jurisdiction. Yet, very few communities were able to afford these teams and at the end of the day, the country wasn’t going to have enough teams to significantly raise its ability to respond to large-scale events. We were piecing together resources and capabilities to prepare community-by-community and hoping that it all added up to a more prepared nation.
Think about it. Lots of grant money has been given to state and local governments to build capabilities, but what did they get for it? In the case of Urban Search and Rescue, there were some jurisdictions that had fully equipped teams, but other communities that weren’t as capable to respond.
That's because we were providing funding through grants aimed at a community-by-community approach, so some ended up being left out. Now, DHS and FEMA have shifted the focus of the search and rescue teams to act as a national resource that can be used in any emergency in any jurisdiction where local and state resources are overwhelmed. We’ve also funded more teams to create a second tier of search and rescue capabilities. This creates more shared resources at the national level while maintaining the capability at the local community level.
Q: Are there other examples that show this shift?
Under the direction of Secretary Napolitano, our grant programs have changed in the last few years to reflect this national approach as well. Now grant programs recognize things like Emergency Management Assistance Compacts that allow states to share capabilities and resources in the event of an emergency. No community can prepare independently for all catastrophic risks, so emphasizing shared resources is critical to building capacity on a national scale.
So it’s starting with questions like: What threats do we face as a nation? What are the scenarios that require additional federal resources, and how can we build our capabilities there? By answering these questions, we can prioritize what we’re going to fund at the federal level and drive unity of effort towards a nation that’s better prepared. We’re looking at scenarios of national consequence, not just the jurisdiction-by-jurisdiction approach we tended to follow in the past.
Originially posted by the Information Sharing Environment (ISE)
Information sharing between federal, state, local, tribal and territorial partners is critical to our nation’s security. Today, I am pleased to announce that the Department of Homeland Security (DHS) has updated our Information Sharing Segment Architecture (ISSA) that will serve as a road map to guide our implementation and investment efforts in information sharing.
This update, known as ISSA Version 3.0, introduces a standard set of information sharing capabilities and the technical capabilities necessary to enhance information sharing across DHS and our partners. It takes into consideration the continued maturity of the Department and focuses on improving our network of trust, enhancing our ability to securely and efficiently share information with stakeholders—especially the Intelligence Community— and providing information proficiently across the Department.
The ISSA serves as the guide to describe and implement the “To-Be,” or target architecture, of the DHS Information Sharing Environment (DHS ISE). This cross-cutting architecture will provide the entire DHS mission and enterprise functions with the business policies, strategies, leadership, architecture, and governance needed to provide a consistent set of services and capabilities for the sharing of information.
The ISSA is intended to direct the target DHS ISE and transition strategy so that data and information is secure and:
- Accessible – Available in a convenient form with intuitive tools;
- Understandable – Able to be used efficiently, leveraging common terminology;
- Interoperable – Easily combined and compared with other data and information;
- Trusted – Available to users with accuracy and currency, including the source of the data and information;
- Repeatable – Consistently delivered over time; and
- Safeguarded – Protected from loss or misuse.
The ISSA provides a blueprint for establishing a target DHS ISE designed to ensure that access to information does not hinder, but rather strengthens, our homeland security mission. Effective information sharing supports the core mission of DHS and serves as a valuable component of a comprehensive risk mitigation plan to keep our nation safe. Through the implementation of the ISSA Version 3.0, DHS will able to:
- Achieve interoperability through common standards;
- Identify redundancies and potential technological conflicts;
- Locate opportunities to leverage and/or collaborate;
- Identify information sharing gaps and shortfalls;
- Align technology to mission goals and objectives; and
- Gain a more thorough understanding of the complete functionality being provided by a specific target or technology for information sharing.
This architecture is a result of collaboration among mission and business owners across the Department, and helps us make great strides in establishing the target architecture necessary for the DHS ISE.
I look forward to the next phase of this critical work. The value of this architecture lives in its implementation by all DHS systems that share data and information with internal and external partners. Operating together under this road map, our Department has the ability to operate as “One DHS”, to ensure a safer, more secure and more resilient nation.
Ten years ago today, the U.S. Department of Homeland Security (DHS) began its operations, unifying 22 legacy agencies within a single department with a common mission: to safeguard America and integrate our Nation’s capabilities to prevent, protect against, respond to, and recover from threats and disasters of all kinds.
DHS has helped transform the way we secure our Nation over the last ten years, making our efforts more agile, proactive, and coordinated. Today, we are also smarter about how we assess risks, and how we mitigate them.
And a decade after the creation of a Cabinet-level agency bearing that name, homeland security has come to mean much more. It means the coordinated work of hundreds of thousands of dedicated and skilled professionals, and more than ever, of the American public: our businesses and families, communities and faith-based groups. We are safer and more secure than ever before, and DHS stands ready to confront our future challenges.
During March, we will recognize and celebrate the work of DHS employees from across the country and around the world through a number of initiatives. Earlier this week, I delivered the State of Homeland Security at the Brookings Institution in Washington, DC. It summarizes the past (DHS 1.0), the present (DHS 2.0) and the future of the Department (DHS 3.0).
I encourage you to learn more about the Department, and to stay tuned for additional updates as you share with us in the celebration of our ten year anniversary.
On behalf of the hundreds of thousands of men and women … the Coast Guardsman who rescues a sailor; the TSO who keeps a loaded gun off a plane; the cyber expert who prevents harm to our banking system; the FEMA worker who comforts a destitute family; the Border Patrol agent who spends days and weeks in 100 degree plus temperatures patrolling our border; the scientist who figures out a better way to protect a plane; we commemorate our beginnings; our maturation; and our future. This is not a day just to look back and pat ourselves on the back. It’s a day to re-commit and to move forward.
At the Department of Homeland Security’s (DHS) Domestic Nuclear Detection Office (DNDO), we plan and prepare for the unthinkable. DNDO is the primary entity in the U.S. government for the integration of federal nuclear forensics programs. In mid-February we helped plan an exercise in Suffolk County, N.Y. to assess our national nuclear forensic capabilities.
The National Technical Nuclear Forensics Ground Collections Task Force, in coordination with Suffolk County Law Enforcement and Emergency Management Agencies, participated in exercise “Prominent Hunt 13-2.” The Task Force, which includes the Departments of Defense and Energy, and the FBI, is a crucial component of the national nuclear forensics program. The job of the Task Force is to collect information and nuclear debris near the site, in the event of a nuclear detonation, for analysis at designated laboratories. The results of this nuclear forensic analysis would enhance the law enforcement investigation and intelligence information to assist in the identification of those responsible for such an attack.
DNDO both facilitated the exercise, and acted as a liaison for exercise control between the Task Force and the Suffolk County participants, demonstrating our critical partnership with state and local partners, such as Suffolk County.
Despite blizzard-like conditions, the Task Force adapted to the challenging environmental conditions and successfully completed the exercise. Operations were conducted to standard; planned collection missions were completed; and all exercise objectives were met. Participants in this exercise developed valuable lessons learned and best practices that will enhance our national nuclear forensic capabilities.
Secretary of Homeland Security Janet Napolitano will deliver the third annual “State of America’s Homeland Security” address during an event hosted by the Brookings Institution. Following her remarks, Secretary Napolitano will participate in a brief discussion with the audience, moderated by Brookings Institution Senior Fellow Elaine Kamarck.
You can watch the “State of America’s Homeland Security” speech live here begining at 10AM EST, and follow along on Twitter using #BIDHS.