This week, DHS achieved an important milestone towards better protecting government networks from cyber attacks. The General Services Administration yesterday announced a contract award that will allow government agencies to partner with the Department of Homeland Security (DHS) to deploy Continuous Diagnostics and Mitigation (CDM) technology that will enhance the security and resilience of their networks – better safeguarding both the sensitive data on those networks and the critical functions they provide to all Americans.
Through the CDM program, DHS works with partners across the entire Federal executive branch civilian government to deploy and maintain an array of sensors for hardware asset management, software asset management and whitelisting, vulnerability management, compliance setting management and feed data about an agency’s cybersecurity flaws and present those risks in an automated and continuously-updated dashboard. CDM, which will also be available for state and local entities as well as the defense industrial base sector, provides our stakeholders with the tools they need protect their networks and enhance their ability to see and counteract day-to-day cyber threats.
Whether to receive important health or emergency information or to check on the provision of essential government services, millions of Americans visit government websites every day. While increased connectivity has transformed and improved access to government, it also has increased the importance and complexity of our shared risk. The growing number of cyber attacks on Federal government networks is growing more sophisticated, aggressive, and dynamic.
Government computer networks and systems contain information on national security, law enforcement, and other sensitive data, including information about federal employees and others. It is paramount that the government protects this information from theft and protects networks and systems from attacks while continually providing essential services to the public. As the department responsible for securing unclassified federal civilian government networks—the “dot-gov” domain—DHS coordinates the national response to significant cyber incidents and maintains a common operational picture for cyberspace across the government. Part of that responsibility includes network intrusion detection and prevention technology under a program known as Einstein. When both programs are implemented, they will provide complementary protections across the dot-gov domain, further protecting the government’s infrastructure and the nation’s data.
Under the CDM program, participating departments and agencies will be able to enhance their cybersecurity assessments by implementing automated network sensor capacity and prioritizing risk alerts. Results will feed into agency-level dashboards that produce customized reports that alert information technology managers to the most critical cyber risks, enabling them to readily identify which network security issues to address first, thus enhancing the overall security posture of agency networks. Summary information from participating agencies will feed into a central Federal-level dashboard, managed by DHS’ National Cybersecurity Communication and Integration Center, to inform and prioritize cyber risk assessments across the Federal enterprise and support common operational pictures that provide cybersecurity situational awareness to our stakeholders.
The CDM program will strengthen cybersecurity across the “dot-gov” domain, improve our cybersecurity posture, and enhance other critical cybersecurity capabilities to thwart advanced, persistent cyber threats in a dynamic threat environment.
DHS has partnered with the General Services Administration to award a multi-vendor, five-year blanket purchase agreement contract for the CDM program, that will provide real-time diagnostic and mitigation services to federal executive branch civilian agencies, state and local entities, and the defense industrial base sector. The BPA is an overarching contract with an estimated ceiling of $6 billion over its five year duration (one-year contract with four additional one-year options) and is open to all Federal civilian departments and agencies, the defense industrial base sector, as well as state, local, tribal, and territorial governments. This significant contract award is designed to support Federal civilian networks and the extensive number of cybersecurity requirements for any Federal custom and cloud application over the life of the contract, and will be funded through each participating department and agency, not solely by DHS.
Today, Security Napolitano administered the Oath of Allegiance and delivered remarks at a naturalization ceremony at W.T. Woodson High School in Fairfax. The 350 new United States citizens naturalized today represent 75 countries, and include two active duty members of the United States Armed Forces.
Secretary Napolitano said, “Throughout our history, people from across the world have come to the United States seeking freedom and new opportunities for themselves and their families. Now, as United States citizens, you have earned the rights and freedoms that our Constitution guarantees, as well as the responsibilities that citizenship brings to contribute to the strength and vitality of our communities and our Nation.”
Read more about U.S. Citizenship and Immigration Services, the DHS component responsible for overseeing lawful immigration to the United States here.
Today in Cincinnati, Secretary of Homeland Security Janet Napolitano and U.S. Immigration and Customs Enforcement Acting Director John Sandweg met with business community leaders to discuss the need for commonsense immigration reform, which is critical to our nation’s economic health and prosperity. During the meeting, Secretary Napolitano discussed the need for critical changes to the legal immigration system in order to create a 21st century immigration system that helps businesses continue to grow the economy.
Secretary Napolitano said, “Over the past few months, I have heard from many business leaders about how critical immigration is to businesses. That’s why we were encouraged by the passage of the immigration legislation in the U.S. Senate, which would make critical changes to the legal immigration system. Together, these reforms will help us support businesses and improve our economy, while helping us continue to strengthen border security.”
You can read more about this meeting, and Secretary Napolitano’s trip to Cincinnati, here.
Posted by Shayne Adamski, Senior Manager of Digital Engagement at the Federal Emergency Management Agency
Editors' Note: This was originally posted on the FEMA blog on August 2, 2013.
Crowdsourcing disasters. New social media sites. Centralized places to get info. Our digital team at FEMA has been busy launching a number of new tools to help the public and our partners to prepare for, respond to and recover from disasters. Here’s a quick rundown of the new resources:
- FEMA App with the Disaster Reporter feature
- FEMA’s Social Hub
- FEMA LinkedIn
- U.S. Fire Administration Facebook
How does this help you be a part of the emergency management team? Watch this demo from Administrator Fugate as he walks through all the new tools and resources you can take advantage of:
Before a disaster, you can download the FEMA App and use the interactive emergency kit checklist and learn what to do during specific hazards. And if you find yourself in a situation, where you need a refresher, you can still pull up the safety info in the app, even if you don’t have a cellular or wifi connection.
After a disaster, if you’re not placing yourself in harm’s way, you can use the Disaster Reporter feature in the FEMA App and take a photo of the disaster area and upload it to us (just make sure the GPS function is turned on). This includes all types of disasters, not just Federal disasters.
We’ll review the photo submissions to ensure: (1) it is disaster-related, (2) not spam, and (3) there are no privacy issues. And then all approved content is posted on a public map. It’s pretty simple.
We’re really excited about this new feature, because it gives all stakeholders in a disaster area the ability to upload information to a centralized place, allowing all emergency managers to view the information. Since we’re using the FEMA GeoPlatform for our mapping interface the content can be shared on other maps and sites, using what techies refer to as an API (Application Programming Interface).
Speaking of centralized places to view information, the Social Hub is where all stakeholders can go to view tweets from trusted emergency managers. The great thing about the Social Hub is we can change the information we’re displaying on the fly. When we launched the Social Hub on Monday, July 29, we were displaying tweets from accounts in Hawaii, because we were monitoring Tropical Storm Flossie.
When the storm dissipated, we transitioned to displaying local National Weather Service tweets, both in a scrolling format and on a map. As we know, more and more people are going mobile with their devices (phones and tablets), so we also created a Social Hub on our mobile site.
Finally, we recently launched two new channels to better engage FEMA’s digital audience: the FEMA LinkedIn page and the U.S. Fire Administration Facebook page. On LinkedIn, look for job listings, stories about what a “day in the life” looks like at FEMA, and other training resources. And if you “Like” the U.S. Fire Administration Facebook page, you’ll receive lots of stories, resources, and tips for assisting fire departments or firefighters.
When I testified on Capitol Hill on Social Media and Emergency Management last month, I said that we’re always looking at how we can expand our existing digital and social products. As you can imagine, we’re excited about these new tools and we’re looking forward to feedback.
Kick the tires as they say and let us know what you think.
By Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator
Editors' Note: This was originially posted on the White House blog on August 6, 2013
The systems that run our Nation’s critical infrastructure such as the electric grid, our drinking water, our trains and other transportation are increasingly networked. As with any networked system, these systems are potentially vulnerable to a wide range of threats, and protecting this critical infrastructure from cyber threats is among our highest security priorities. That is why, earlier this year, the President signed an Executive Order designed to increase the level of core capabilities for our critical infrastructure to manage cyber risk. The Order does this by focusing on three key areas: information sharing, privacy, and adoption of cybersecurity practices.
To promote cybersecurity practices and develop these core capabilities, we are working with critical infrastructure owners and operators to create a Cybersecurity Framework – a set of core practices to develop capabilities to manage cybersecurity risk. These are the known practices that many firms already do, in part or across the enterprise and across a wide range of sectors. The draft Framework will be complete in October. After a final Framework is released in February 2014, we will create a Voluntary Program to help encourage critical infrastructure companies to adopt the Framework.
While this effort is underway, work on how to incentivize companies to join a Program is also under consideration. While the set of core practices have been known for years, barriers to adoption exist such as the challenge of clearly identifying the benefits of making certain cybersecurity investments. As directed in the EO, the Departments of Homeland Security, Commerce, and Treasury have identified potential incentives and provided their recommendations to the President, through the Assistant to the President for Homeland Security and Counterterrorism and the Assistant to the President for Economic Affairs.
Over the next few months, agencies will examine these options in detail to determine which ones to adopt and how, based substantially on input from critical infrastructure stakeholders. We believe that sharing the findings and our plans for continued work will promote transparency and sustain a public conversation about the recommendations. Publishing these agency reports is therefore an interim step and does not indicate the Administration’s final policy position on the recommend actions.
The recommendations were developed in a relatively short time frame and with the understanding that the Cyrsecurity Framework and Voluntary Program are still under development. Yet, they incorporate significant feedback from many of our stakeholders, including the critical infrastructure community, through the DHS-led existing public-private partnerships with critical infrastructure and a Notice of Inquiry issued by the Commerce Department. Although each agency prepared separate reports, these reports are complementary. Taken as a whole, the reports point to eight areas where the agencies recommend action to establish incentives to support voluntary adoption of the Cybersecurity Framework.
Some of the recommended incentives can be put in place quickly under existing authorities after the Voluntary Program is established. Others would require legislative action and additional maturation of the Cybersecurity Framework and Voluntary Program, along with further analysis and dialogue between the Administration, Congress, and private sector stakeholders. We are currently working with the appropriate agencies to prioritize each incentive area and move forward.
These areas include:
- Cybersecurity Insurance — Agencies suggested that the insurance industry be engaged when developing the standards, procedures, and other measures that comprise the Framework and the Program. The goal of this collaboration would be to build underwriting practices that promote the adoption of cyber risk-reducing measures and risk-based pricing and foster a competitive cyber insurance market. The Commerce Department’s National Institute of Standards and Technology is taking steps to engage the insurance industry in further discussion on the Framework. This process should continue as the Framework is developed and the Voluntary Program is created.
- Grants — Agencies suggested leveraging federal grant programs. Agencies suggest incentivizing the adoption of the Framework and participation in the Voluntary Program as a condition or as one of the weighted criteria for federal critical infrastructure grants. Over the next six months, agencies will develop such criteria for consideration.
- Process Preference — Agencies offered suggestions on a range of government programs in which participating in the Voluntary Program could be a consideration in expediting existing government service delivery. For example, the government sometimes provides technical assistance to critical infrastructure. Outside of incident response situations, the government could use Framework adoption and participation in the Voluntary Program as secondary criteria for prioritizing who receives that technical assistance. The primary criteria for technical assistance would always remain the criticality of the infrastructure, but for non-emergency situations, technical assistance could be seen as an additional benefit that could help to drive adoption. Agencies currently have the authority to act in these areas without further legislation. As we work with the private sector over the next six months to develop the Voluntary Program, we will simultaneously identify and examine specific programs where this approach could be helpful
- Liability Limitation — Agencies pointed to a range of areas where more information is necessary to determine if legislation to reduce liability on Program participants may appropriately encourage a broader range of critical infrastructure companies to implement the Framework. These areas include reduced tort liability, limited indemnity, lower burdens of proof, or the creation of a Federal legal privilege that preempts State disclosure requirements. As the Framework is developed, agencies will continue to gather information about the specific areas identified in the reports related to liability limitation.
- Streamline Regulations — Agencies will continue to ensure that the Framework and the Voluntary Program interact in an effective manner with existing regulatory structures. As the Framework and Voluntary Program are developed, agencies will recommend other areas that could help make compliance easier, for example: eliminating overlaps among existing laws and regulation, enabling equivalent adoption across regulatory structures, and reducing audit burdens.
- Public Recognition — Agencies suggested further exploration on whether optional public recognition for participants in the Program and their vendors would be an effective means to incentivize participation. DHS will work with the critical infrastructure community to consider areas for optional public recognition as they work together to develop the Voluntary Program.
- Rate Recovery for Price Regulated Industries — Agencies recommended further dialogue with federal, state, and local regulators and sector specific agencies on whether the regulatory agencies that set utility rates should consider allowing utilities recovery for cybersecurity investments related to complying with the Framework and participation in the Program.
- Cybersecurity Research — Once the Framework is complete, agencies recommended identifying areas where commercial solutions are available to implement the Framework and gaps where those solutions do not yet exist. The government can then emphasize research and development to meet the most pressing cybersecurity challenges where commercial solutions are not currently available.
While these reports do not yet represent a final Administration policy, they do offer an initial examination of how the critical infrastructure community could be incentivized to adopt the Cybersecurity Framework as envisioned in the Executive Order. We will be making more information on these efforts available as the Framework and Program are completed.
Today, Secretary Napolitano and GSA Administrator Dan Tangherlini officially opened the U.S. Department of Homeland Security (DHS) Consolidated Headquarters campus with a ceremonial ribbon cutting at the newly built U.S. Coast Guard Headquarters building. The opening of the new facility marks the completion of the first phase of the consolidation project on St. Elizabeths west campus.
Secretary Napolitano and GSA Administrator Tangherlini were joined by U.S. Senate Homeland Security & Governmental Affairs Committee Chairman Senator Tom Carper, and House Subcommittee on Economic Development, Public Buildings and Emergency Management Ranking Member Congresswoman Eleanor Holmes Norton, DC Mayor Vincent Gray, DC Ward 8 Councilmember Marion Barry, and U.S. Coast Guard Commandant Admiral Robert Papp Jr. to unveil the new facility, pictured above.
Read more about the opening of the new DHS headquarters here.
Posted by Phil McNamara, Assistant Secretary for Intergovernmental Affairs
The Office of Intergovernmental Affairs (IGA) announced today the release of the Department’s updated Tribal Resource Guide, a comprehensive catalog of DHS resources that are available to Indian Country to keep our nations safe and secure.
IGA first developed the guide in 2012 to highlight resources DHS has to offer to tribal nations to secure the nation from the many threats we face. The Tribal Resource Guide summarizes and provides tribes with information on the Department’s offices and components, available training programs, initiatives that impact tribal nations, key contact information, and more.
Tribal nations are critical partners in our homeland security efforts, and IGA is committed to strengthening the Department’s relationship with tribal nations. IGA’s mission is to promote an integrated national approach to homeland security by coordinating and advancing federal interaction with state, local, tribal, and territorial (SLTT) governments. IGA is responsible for continuing the homeland security dialogue with executive-level partners at the SLTT levels, along with the national associations that represent them; and is the designated lead for tribal relations and consultation at the Department.
The Tribal Resource Guide is organized by component and resource type, and serves as a starting point for locating DHS resources for tribal leaders and their staff. A comprehensive index is available to help you locate resources within the document. For more information, please contact our office at DHS.IGA@hq.dhs.gov.
The guide can be found here.
On July 23 and 24, Secretary Napolitano traveled to Texas and Mexico with U.S. Customs and Border Protection Acting Commissioner Thomas Winkowski, and Assistant Secretary for International Affairs Alan Bersin. While in Mexico City, Secretary Napolitano met with Mexican President Enrique Peña Nieto (pictured here), as well as members of his cabinet, to discuss the ongoing partnership and cooperation between the United States and Mexico to ensure a safe and secure border region, which is critical to both nations’ economic competitiveness and national security.
Of the trip, Secretary Napolitano said: “The U.S.-Mexican border is now more secure than ever, in part because of the concept of co-management and co-responsibility. The Department of Homeland Security (DHS) stands ready to share our experience and work together to enhance regional security by protecting vulnerable migrants, deterring and detecting illegal immigration, and facilitating lawful trade and travel.”
Posted by U.S. Coast Guard Petty Officer 3rd Class Lisa Ferdinando
Editors Note: This was originially posted on the Coast Guard blog, The Coast Guard Compass, on July 11, 2013.
Petty Officer 1st Class Carlin Burnside, a maritime enforcement specialist, mans a mounted automatic weapon during a morning patrol of the Potomac River.
As the summer sun sets over Washington, D.C., the sky turns a spectacular golden hue as members of Coast Guard Station Washington head out for another mission.
From ensuring public safety and security on the water along the country’s most iconic landmarks to multi-agency national security and law enforcement missions, a “typical day” at Station Washington is anything but typical.
While Washington is a seasonal boating area, the commanding officer of the station, Lt. Celina Ladyga, says the crew stays busy all year with operations and special national security events like the presidential inauguration and State of the Union address.
Seaman Alexander Smith fills out documents as he and Coast Guardsmen from Station Washington help a stranded boater during an evening patrol on the Potomac River. U.S. Coast Guard photo by Petty Officer 3rd Class Lisa Ferdinando.“
"It’s really quite a wide breadth of Coast Guard missions that we do here,” said Ladyga.
Station Washington was established after Sept. 11, she said, and its primary responsibility is homeland security.
“We do a heavy amount of protection of maritime critical infrastructure, but we also do all of the traditional Coast Guard missions, such as search and rescue and public boater outreach,” she said.
Station members were active in National Safe Boating Week in May, meeting with local boaters and reminding them of the important tips for staying safe on the water, including always wearing a life vest, filing a float plan and having emergency communication devices.
During another weekend, Station Washington crews conducted patrols for Operation Dry Water, a national crackdown on boaters operating vessels under the influence.
National Safe Boating Week and Operation Dry Water are both multi-agency efforts aimed at keeping the American public safe on the water. Ladyga said maintaining relationships with local, state and federal partners is important, especially with overlapping jurisdictions overlap or complex cases.
“The multi-agency connection and partnerships are very critical in this area,” she said. “Ultimately everybody has the same goal – to ensure the safety and security of the American public.”
Ladyga also shared advice for boaters who are heading out on the Potomac River and other waterways around our nation’s capital.
She said boaters need to have the proper safety equipment, should keep an eye out for anything suspicious and have the necessary contact information for authorities should they observe anything unusual.
“Knowing who to call and how to make that report is a critical piece because it’s really all of our responsibility to ensure the safety and security of the waterway,” said Ladyga.
Chief Petty Officer Jasen Hollopeter runs the station’s day-to-day operations, including scheduling harbor patrols and security and safety zones to keep the public safe.
Petty Officer 1st Class Carlin Burnside, a maritime enforcement specialist with Coast Guard Station Washington, monitors activity on the water during a morning patrol.
Conveniently located in Washington, the station is a popular stop for leaders from other military branches or members of Congress who want to see Coast Guard operations firsthand, said Hollopeter.
“That’s the unique thing about where we are,” he said. “You have all these other branches of service and members of Congress who may not be familiar with Coast Guard operations, so we are their first impression of the Coast Guard.”
Being in Washington also gives crewmembers unique opportunities, such as Petty Officer 1st Class Benjamin Atkins’ re-enlistment.
“I just re-enlisted at the National Archives. I was able to re-enlist right in front of the U.S. Constitution,” he said proudly, noting that nowhere else would he of had such a magnificent opportunity.
“It was great.”At Station Washington for about a year, Seaman Alexander Smith works on everything as a non-rate – general maintenance, fielding phone calls, working on qualifications and getting underway.
“I’ve enjoyed my time at Station Washington. I love it,” said Smith. Smith, who is training to be a boatswain’s mate, doesn’t plan on stopping once he makes petty officer third class.
“I think it would be nice to hear ‘Master Chief Smith,’” he said with a smile. “That would be pretty cool.”
But for now, Smith and the rest of the crew vigilantly standing watch, protecting the American people and living the Coast Guard’s core values in the nation’s capital.
Petty Officer 1st Class Bobby Bonsey, left, and Petty Officer 2nd Class Adam Wilk, both machinery technicians at Coast Guard Station Washington, repair a seat on a Coast Guard boat.
Posted by Rich Serino, Deputy Administrator of the Federal Emergency Management Agency
This was originally posted by the Federal Emergency Management Agency on July 10, 2012.
This week, President Barack Obama laid out the Administration’s New Management Agenda. As part of a new approach to deliver a smarter, more innovative, and more accountable government, President Obama put forth a plan to more effectively use technology and innovation to better serve and meet the needs of the public. During a press conference, President Obama highlighted some of the innovative and survivor centric solutions that FEMA is implementing:
"Today, our Chief Technology Officer, Todd Park, and our Chief Information Officer, Steve VanRoekel, are working with their teams to innovate and apply the best technology to help solve some of our biggest challenges -- from creating jobs to reducing health care costs to keeping our nation secure. (…)
First, we found ways to deliver the services that citizens expect in smarter, faster, and better ways. So, for example, until recently, when a natural disaster struck, teams from FEMA had to rely exclusively on in-person inspections to figure out which families needed help. Now they analyze satellite and aerial imagery and get housing assistance to areas that need it most, more quickly. After Hurricane Sandy, most folks were able to sign up for assistance using FEMA’s mobile and web apps -- updating and checking the status of their applications. And FEMA agents went door-to-door in some areas with iPads, helping residents who had lost power and Internet access sign up for disaster relief without leaving their homes. So making sure that we’re delivering services better, faster, more efficiently."
Here at FEMA, we understand the value of innovation and recognize that through innovation we can develop new and creative solutions and deliver these solutions to those that need them the most—survivors. During the initial response to Hurricane Sandy, the FEMA Innovation Team deployed to identify solutions to some of the challenges faced in New York. As the President highlighted, one innovative solution was providing our FEMA Corps teams with the equipment necessary to go door-to-door to register survivors who may have lost power. This solution was so warmly received that we have made it common practice.
After the tornadoes struck Oklahoma, FEMA deployed the newly formed Disaster Survivor Assistance Teams to go door-to-door to register survivors at their homes.
The role of technology has certainly changed the way we operate and serve survivors during their time of need. Our Geospatial Team used geospatial mapping and imagery to provide information to first responders and emergency managers about damaged areas moments after the deadly tornadoes touched down in Oklahoma. We also launched our FEMALab in response to the tornadoes in the National Response Coordination Center, which allowed some of our innovation team members to work virtually.
We continue to look for ways to improve- to find creative solutions to the many challenges we face in emergency management. You can help us to innovate too! Join us for the next FEMA Think Tank on Thursday, July 18th for our latest edition, “Innovation Every Emergency Manager Should Know About” which will cover innovators from around the country. We hope you join us and tell us what you are doing to innovate!