Our daily life, economic vitality, and national security depend on cyberspace. While increased connectivity has led to significant transformations and advances across our country – and around the world – it also has increased the risks to privacy and security. Everyone has a unique role to play in cybersecurity—whether it’s protecting small businesses from fraud, teaching students about cybersecurity ethics, or just thinking twice before clicking on a hyperlink. The Department’s Stop.Think.Connect. TM campaign relies on its National Network of partners to spread the word and raise awareness about the importance of staying safe online.
The National Network comprises approximately 30 non-profit organizations, including D.A.R.E., Boys & Girls Clubs of America, 4-H, InfraGard, and the National Association of Counties. Some of these partners have joined the campaign in recent months, helping us reach more Americans to inform them about their personal role in addressing cybersecurity risks.
Recent new partners include:
- Armed Forces Communications and Electronics Association (AFCEA)
- Center for Internet Security (CIS)
- Connect2Compete, an organization dedicated to expanding access to technology and training
- Connect Safely, a non-profit organization that provides social media and mobile media safety tips
- Government Technology Services (GTS) Coalition
- High Technology Crime Investigation Association (HTCIA)
- Hungry Hungry Hackers (H3), an applied research security community at Georgia Tech
- International Council for Small Business (ICSB)
- Fraud.org, a project of the National Consumers League
- National Elementary Honor Society
- National Junior Honor Society
- National Honor Society
- Women in Homeland Security
Stop.Think.Connect.™ is a national public awareness effort to guide the nation to a higher level of Internet safety and security by educating and empowering the American public to be more vigilant about practicing safe online habits. The campaign encourages Americans to view Internet safety and security as a shared responsibility at home, in the workplace, and in our communities. Through these partnerships with the National Network, the Stop.Think.Connect.™ campaign gains a greater understanding of the cybersecurity issues and trends, and is able to develop helpful tips and resources specific to the organizations and their members.
For a complete list of Stop.Think.Connect. National Network partners, or for more information on how an organization can join, visit www.dhs.gov/stopthinkconnect.
Posted by Shaun Donovan, Secretary of the Department of Housing and Urban Development
Ed. note: This is cross-posted from hud.gov. See the original post here.
From New Orleans to Cedar Rapids to Tuscaloosa to Minot – I have walked the streets and looked in the eyes of families whose lives have come crashing down around them under nature’s wrath.
But nothing prepared me to come back home to New York City last October and look in the eyes of my friend who lost his daughter to Hurricane Sandy. Nothing prepared me to see neighborhoods—many of which had served as the backdrop of my childhood—completely unrecognizable.
This was all due to the devastating storm that hit our shores in the fall with a power and a fury unlike anything most of us had ever seen before. Entire neighborhoods were flooded. Families and small business owners lost everything in a single night. Infrastructure was torn apart. In short, it was one of the most painful chapters in the region’s history and the Obama administration has been committed to helping communities turn the page.
We have worked closely with State and Local governments up and down the East Coast to help prepare for and respond to the storm. Within a week of Sandy making landfall we had 17,000 federal responders on the ground, helping displaced families find shelter and getting communities back on their feet.
In addition, the scope of the damage made clear that more assistance was needed, which is why the President fought for, and Congress ultimately passed, a supplemental funding bill providing tens of billions of dollars to help rebuild impacted communities.
The President also knew that we needed to do two key things: cut red tape to get assistance where it was needed as quickly as possible, and coordinate the efforts of all of the Federal agencies to support local communities as they rebuilt in a way that made them more resilient.
That’s why he created the Hurricane Sandy Rebuilding Task Force, which I have the honor to chair.
For the past six months we have worked closely with our Federal partners to find ways to get funding and other assistance where it’s needed more effectively and efficiently. To date, the Administration has provided assistance to nearly 255,000 people and thousands of businesses. FEMA alone has provided $12 billion in funding to individuals and communities.
Additional funding from the supplemental funding bill continues to flow into the region.
And, today, I’m proud to release the Hurricane Sandy Task Force’s Rebuilding Strategy– which will help guide the investment of these funds and, in the bigger picture, assist communities across the nation in preparing for the increasing risks caused by extreme weather.
The President has been clear – most recently in his Climate Action Plan – that we have an obligation to protect the planet for the next generation, just as our parents and grandparents handed us a better planet. He has outlined a plan to cut carbon pollution that harms our health and our planet – and that is contributing to greater risks of asthma attacks and more severe floods and heat waves that drive up food prices.
He has also been clear that, as we take responsible steps to cut carbon pollution, we must prepare communities across the country for the impacts of climate change, many of which are already being felt.
The Hurricane Sandy Rebuilding Task Force’s Rebuilding Strategy lays out a series of recommendations that will help the Sandy-impacted region rebuild in a way that will prepare them for these impacts – and that will serve as models for communities across the country.
For highlights from the Rebuilding Strategy, click here.
To read the entire Rebuilding Strategy, click here.
Over the past four and a half years, cybersecurity has become one of the top priorities at the Department of Homeland Security. Today, I am pleased to announce the appointment of Phyllis Schneck as the new Deputy Under Secretary for Cybersecurity for the National Protection and Programs Directorate (NPPD). Phyllis will be coming to the Department of Homeland Security from her current position as Vice President and Chief Technology Officer for the Global Public Sector at McAfee, Inc. with a wealth of experience in cybersecurity and information security.
For more than 14 years, Phyllis has had a distinguished presence in the security and infrastructure protection community, most recently as a key contributor on the CSIS Commission on Cybersecurity for the 44th Presidency. Phyllis is the current Chairman of the Board of Directors of the National Cyber Forensics and Training Alliance, a partnership between corporations, government and law enforcement for cyber analysis to combat international cyber crime. Phyllis has also served as the Chairman of the NIST Information Security and Privacy Advisory Board, which helps identify emerging managerial, technical, administrative, and physical safeguard issues relative to information security and privacy.
Before joining McAfee, Phyllis held various senior and information science positions at Research Integration for Secure Computing, eCommSecurity, SecureWorks, Inc., Avalon Communications, CygnaCom Solutions, the MITRE Corporation, Computer Sciences Corporation, IBM, NASA and the University Of Maryland.
Phyllis has been a close partner in our cybersecurity mission for many years. She served for eight years as chairman of the FBI’s InfraGard National Board of Directors and founding president of InfraGard Atlanta, growing the InfraGard program to over 30,000 members nationwide in the past decade, and fostering a relationship between InfraGard and DHS. Equally impressive, Phyllis holds three patents in high-performance and adaptive information security, and has six research publications in the areas of information security, real-time systems, telecom and software engineering.
During my tenure as Secretary, we have strengthened partnerships with the private sector to secure cyber networks and protect physical assets while developing a world-class cybersecurity workforce. In fact, the position of Deputy Under Secretary for Cybersecurity was created in 2011 to act as the Department’s chief cybersecurity policy official, in recognition of the growing importance of cybersecurity to DHS’ mission of strengthening the security and resilience of our nation's critical infrastructure. I am confident that Phyllis will continue these efforts, and build upon the foundations laid by her predecessors, to create a safe, secure and resilient cyber environment and promote cybersecurity knowledge and innovation.
Today marks the first anniversary of the Department of Homeland Security's implementation of deferred action for childhood arrivals (DACA), a directive that was built on a number steps taken by DHS during President Obama's administration to ensure that we are using our immigration enforcement resources most effectively, based on common sense priorities that focus first on those that pose threats to our communities.
Following a series of steps to make the immigration system more effective by focusing our enforcement resources in a common sense way, in June 2012, I announced an initiative that allows young people who were brought to the United States as children, who do not present a risk to national security or public safety, and who meet several key criteria to be considered for deferred action and work authorization. Just 60 days later, on August 15th, 2012, U.S. Citizenship and Immigration Services began accepting DACA requests.
Because of the action we have undertaken through the DACA process, thousands of hardworking young people who are American in every way but a piece of paper now have the ability to continue their educations and contribute to their communities. In just its first year, over 500,000 individuals have requested Deferred Action for Childhood Arrivals and after a thorough review of each of those cases, including a background check, 430,000 requests have already been approved, with others still under review. These young people came to our country as children and many of these young people have already contributed significantly to our country.
Our nation's immigration laws must be enforced in a strong and sensible manner but they are not designed to be blindly enforced without consideration given to the individual circumstances of each case. Prosecutorial discretion, which is used in so many other areas, is especially justified in DACA cases. And, by removing the threat of deportation for people brought to the country as children, we have been able to continue to focus our enforcement efforts on serious criminals, public safety threats, and those who pose a danger to national security.
DACA is not a long term solution to the broader challenges presented by our nation's outdated immigration system. Earlier this year, the Senate passed a bipartisan bill that would modernize our system, ensuring it was more fair, while also expanding the resources devoted to protecting our nation's borders and sanctioning employees who continue to hire illegal labor. The bill would require anyone who seeks a path to citizenship to get right with the law, pay taxes, learn English, and if those conditions are met would have the opportunity to become citizens only after those who are already in line. As a broad coalition of Americans, from business leaders, to labor groups, to law enforcement, to the evangelical community, have agreed, now is the time for this important reform. It's good for our economy, it corresponds to our values as a nation of immigrants, and it's the right thing to do.
I am hopeful that the House of Representatives will follow the leadership shown by a strong bipartisan majority of their Senate colleagues and work to fix our broken immigration system. In the meantime, however, DACA will continue to serve as an important means by which young people brought here as children can remain in, and contribute to, this great country.
This week, DHS achieved an important milestone towards better protecting government networks from cyber attacks. The General Services Administration yesterday announced a contract award that will allow government agencies to partner with the Department of Homeland Security (DHS) to deploy Continuous Diagnostics and Mitigation (CDM) technology that will enhance the security and resilience of their networks – better safeguarding both the sensitive data on those networks and the critical functions they provide to all Americans.
Through the CDM program, DHS works with partners across the entire Federal executive branch civilian government to deploy and maintain an array of sensors for hardware asset management, software asset management and whitelisting, vulnerability management, compliance setting management and feed data about an agency’s cybersecurity flaws and present those risks in an automated and continuously-updated dashboard. CDM, which will also be available for state and local entities as well as the defense industrial base sector, provides our stakeholders with the tools they need protect their networks and enhance their ability to see and counteract day-to-day cyber threats.
Whether to receive important health or emergency information or to check on the provision of essential government services, millions of Americans visit government websites every day. While increased connectivity has transformed and improved access to government, it also has increased the importance and complexity of our shared risk. The growing number of cyber attacks on Federal government networks is growing more sophisticated, aggressive, and dynamic.
Government computer networks and systems contain information on national security, law enforcement, and other sensitive data, including information about federal employees and others. It is paramount that the government protects this information from theft and protects networks and systems from attacks while continually providing essential services to the public. As the department responsible for securing unclassified federal civilian government networks—the “dot-gov” domain—DHS coordinates the national response to significant cyber incidents and maintains a common operational picture for cyberspace across the government. Part of that responsibility includes network intrusion detection and prevention technology under a program known as Einstein. When both programs are implemented, they will provide complementary protections across the dot-gov domain, further protecting the government’s infrastructure and the nation’s data.
Under the CDM program, participating departments and agencies will be able to enhance their cybersecurity assessments by implementing automated network sensor capacity and prioritizing risk alerts. Results will feed into agency-level dashboards that produce customized reports that alert information technology managers to the most critical cyber risks, enabling them to readily identify which network security issues to address first, thus enhancing the overall security posture of agency networks. Summary information from participating agencies will feed into a central Federal-level dashboard, managed by DHS’ National Cybersecurity Communication and Integration Center, to inform and prioritize cyber risk assessments across the Federal enterprise and support common operational pictures that provide cybersecurity situational awareness to our stakeholders.
The CDM program will strengthen cybersecurity across the “dot-gov” domain, improve our cybersecurity posture, and enhance other critical cybersecurity capabilities to thwart advanced, persistent cyber threats in a dynamic threat environment.
DHS has partnered with the General Services Administration to award a multi-vendor, five-year blanket purchase agreement contract for the CDM program, that will provide real-time diagnostic and mitigation services to federal executive branch civilian agencies, state and local entities, and the defense industrial base sector. The BPA is an overarching contract with an estimated ceiling of $6 billion over its five year duration (one-year contract with four additional one-year options) and is open to all Federal civilian departments and agencies, the defense industrial base sector, as well as state, local, tribal, and territorial governments. This significant contract award is designed to support Federal civilian networks and the extensive number of cybersecurity requirements for any Federal custom and cloud application over the life of the contract, and will be funded through each participating department and agency, not solely by DHS.
Today, Security Napolitano administered the Oath of Allegiance and delivered remarks at a naturalization ceremony at W.T. Woodson High School in Fairfax. The 350 new United States citizens naturalized today represent 75 countries, and include two active duty members of the United States Armed Forces.
Secretary Napolitano said, “Throughout our history, people from across the world have come to the United States seeking freedom and new opportunities for themselves and their families. Now, as United States citizens, you have earned the rights and freedoms that our Constitution guarantees, as well as the responsibilities that citizenship brings to contribute to the strength and vitality of our communities and our Nation.”
Read more about U.S. Citizenship and Immigration Services, the DHS component responsible for overseeing lawful immigration to the United States here.
Today in Cincinnati, Secretary of Homeland Security Janet Napolitano and U.S. Immigration and Customs Enforcement Acting Director John Sandweg met with business community leaders to discuss the need for commonsense immigration reform, which is critical to our nation’s economic health and prosperity. During the meeting, Secretary Napolitano discussed the need for critical changes to the legal immigration system in order to create a 21st century immigration system that helps businesses continue to grow the economy.
Secretary Napolitano said, “Over the past few months, I have heard from many business leaders about how critical immigration is to businesses. That’s why we were encouraged by the passage of the immigration legislation in the U.S. Senate, which would make critical changes to the legal immigration system. Together, these reforms will help us support businesses and improve our economy, while helping us continue to strengthen border security.”
You can read more about this meeting, and Secretary Napolitano’s trip to Cincinnati, here.
Posted by Shayne Adamski, Senior Manager of Digital Engagement at the Federal Emergency Management Agency
Editors' Note: This was originally posted on the FEMA blog on August 2, 2013.
Crowdsourcing disasters. New social media sites. Centralized places to get info. Our digital team at FEMA has been busy launching a number of new tools to help the public and our partners to prepare for, respond to and recover from disasters. Here’s a quick rundown of the new resources:
- FEMA App with the Disaster Reporter feature
- FEMA’s Social Hub
- FEMA LinkedIn
- U.S. Fire Administration Facebook
How does this help you be a part of the emergency management team? Watch this demo from Administrator Fugate as he walks through all the new tools and resources you can take advantage of:
Before a disaster, you can download the FEMA App and use the interactive emergency kit checklist and learn what to do during specific hazards. And if you find yourself in a situation, where you need a refresher, you can still pull up the safety info in the app, even if you don’t have a cellular or wifi connection.
After a disaster, if you’re not placing yourself in harm’s way, you can use the Disaster Reporter feature in the FEMA App and take a photo of the disaster area and upload it to us (just make sure the GPS function is turned on). This includes all types of disasters, not just Federal disasters.
We’ll review the photo submissions to ensure: (1) it is disaster-related, (2) not spam, and (3) there are no privacy issues. And then all approved content is posted on a public map. It’s pretty simple.
We’re really excited about this new feature, because it gives all stakeholders in a disaster area the ability to upload information to a centralized place, allowing all emergency managers to view the information. Since we’re using the FEMA GeoPlatform for our mapping interface the content can be shared on other maps and sites, using what techies refer to as an API (Application Programming Interface).
Speaking of centralized places to view information, the Social Hub is where all stakeholders can go to view tweets from trusted emergency managers. The great thing about the Social Hub is we can change the information we’re displaying on the fly. When we launched the Social Hub on Monday, July 29, we were displaying tweets from accounts in Hawaii, because we were monitoring Tropical Storm Flossie.
When the storm dissipated, we transitioned to displaying local National Weather Service tweets, both in a scrolling format and on a map. As we know, more and more people are going mobile with their devices (phones and tablets), so we also created a Social Hub on our mobile site.
Finally, we recently launched two new channels to better engage FEMA’s digital audience: the FEMA LinkedIn page and the U.S. Fire Administration Facebook page. On LinkedIn, look for job listings, stories about what a “day in the life” looks like at FEMA, and other training resources. And if you “Like” the U.S. Fire Administration Facebook page, you’ll receive lots of stories, resources, and tips for assisting fire departments or firefighters.
When I testified on Capitol Hill on Social Media and Emergency Management last month, I said that we’re always looking at how we can expand our existing digital and social products. As you can imagine, we’re excited about these new tools and we’re looking forward to feedback.
Kick the tires as they say and let us know what you think.
By Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator
Editors' Note: This was originially posted on the White House blog on August 6, 2013
The systems that run our Nation’s critical infrastructure such as the electric grid, our drinking water, our trains and other transportation are increasingly networked. As with any networked system, these systems are potentially vulnerable to a wide range of threats, and protecting this critical infrastructure from cyber threats is among our highest security priorities. That is why, earlier this year, the President signed an Executive Order designed to increase the level of core capabilities for our critical infrastructure to manage cyber risk. The Order does this by focusing on three key areas: information sharing, privacy, and adoption of cybersecurity practices.
To promote cybersecurity practices and develop these core capabilities, we are working with critical infrastructure owners and operators to create a Cybersecurity Framework – a set of core practices to develop capabilities to manage cybersecurity risk. These are the known practices that many firms already do, in part or across the enterprise and across a wide range of sectors. The draft Framework will be complete in October. After a final Framework is released in February 2014, we will create a Voluntary Program to help encourage critical infrastructure companies to adopt the Framework.
While this effort is underway, work on how to incentivize companies to join a Program is also under consideration. While the set of core practices have been known for years, barriers to adoption exist such as the challenge of clearly identifying the benefits of making certain cybersecurity investments. As directed in the EO, the Departments of Homeland Security, Commerce, and Treasury have identified potential incentives and provided their recommendations to the President, through the Assistant to the President for Homeland Security and Counterterrorism and the Assistant to the President for Economic Affairs.
Over the next few months, agencies will examine these options in detail to determine which ones to adopt and how, based substantially on input from critical infrastructure stakeholders. We believe that sharing the findings and our plans for continued work will promote transparency and sustain a public conversation about the recommendations. Publishing these agency reports is therefore an interim step and does not indicate the Administration’s final policy position on the recommend actions.
The recommendations were developed in a relatively short time frame and with the understanding that the Cyrsecurity Framework and Voluntary Program are still under development. Yet, they incorporate significant feedback from many of our stakeholders, including the critical infrastructure community, through the DHS-led existing public-private partnerships with critical infrastructure and a Notice of Inquiry issued by the Commerce Department. Although each agency prepared separate reports, these reports are complementary. Taken as a whole, the reports point to eight areas where the agencies recommend action to establish incentives to support voluntary adoption of the Cybersecurity Framework.
Some of the recommended incentives can be put in place quickly under existing authorities after the Voluntary Program is established. Others would require legislative action and additional maturation of the Cybersecurity Framework and Voluntary Program, along with further analysis and dialogue between the Administration, Congress, and private sector stakeholders. We are currently working with the appropriate agencies to prioritize each incentive area and move forward.
These areas include:
- Cybersecurity Insurance — Agencies suggested that the insurance industry be engaged when developing the standards, procedures, and other measures that comprise the Framework and the Program. The goal of this collaboration would be to build underwriting practices that promote the adoption of cyber risk-reducing measures and risk-based pricing and foster a competitive cyber insurance market. The Commerce Department’s National Institute of Standards and Technology is taking steps to engage the insurance industry in further discussion on the Framework. This process should continue as the Framework is developed and the Voluntary Program is created.
- Grants — Agencies suggested leveraging federal grant programs. Agencies suggest incentivizing the adoption of the Framework and participation in the Voluntary Program as a condition or as one of the weighted criteria for federal critical infrastructure grants. Over the next six months, agencies will develop such criteria for consideration.
- Process Preference — Agencies offered suggestions on a range of government programs in which participating in the Voluntary Program could be a consideration in expediting existing government service delivery. For example, the government sometimes provides technical assistance to critical infrastructure. Outside of incident response situations, the government could use Framework adoption and participation in the Voluntary Program as secondary criteria for prioritizing who receives that technical assistance. The primary criteria for technical assistance would always remain the criticality of the infrastructure, but for non-emergency situations, technical assistance could be seen as an additional benefit that could help to drive adoption. Agencies currently have the authority to act in these areas without further legislation. As we work with the private sector over the next six months to develop the Voluntary Program, we will simultaneously identify and examine specific programs where this approach could be helpful
- Liability Limitation — Agencies pointed to a range of areas where more information is necessary to determine if legislation to reduce liability on Program participants may appropriately encourage a broader range of critical infrastructure companies to implement the Framework. These areas include reduced tort liability, limited indemnity, lower burdens of proof, or the creation of a Federal legal privilege that preempts State disclosure requirements. As the Framework is developed, agencies will continue to gather information about the specific areas identified in the reports related to liability limitation.
- Streamline Regulations — Agencies will continue to ensure that the Framework and the Voluntary Program interact in an effective manner with existing regulatory structures. As the Framework and Voluntary Program are developed, agencies will recommend other areas that could help make compliance easier, for example: eliminating overlaps among existing laws and regulation, enabling equivalent adoption across regulatory structures, and reducing audit burdens.
- Public Recognition — Agencies suggested further exploration on whether optional public recognition for participants in the Program and their vendors would be an effective means to incentivize participation. DHS will work with the critical infrastructure community to consider areas for optional public recognition as they work together to develop the Voluntary Program.
- Rate Recovery for Price Regulated Industries — Agencies recommended further dialogue with federal, state, and local regulators and sector specific agencies on whether the regulatory agencies that set utility rates should consider allowing utilities recovery for cybersecurity investments related to complying with the Framework and participation in the Program.
- Cybersecurity Research — Once the Framework is complete, agencies recommended identifying areas where commercial solutions are available to implement the Framework and gaps where those solutions do not yet exist. The government can then emphasize research and development to meet the most pressing cybersecurity challenges where commercial solutions are not currently available.
While these reports do not yet represent a final Administration policy, they do offer an initial examination of how the critical infrastructure community could be incentivized to adopt the Cybersecurity Framework as envisioned in the Executive Order. We will be making more information on these efforts available as the Framework and Program are completed.
Today, Secretary Napolitano and GSA Administrator Dan Tangherlini officially opened the U.S. Department of Homeland Security (DHS) Consolidated Headquarters campus with a ceremonial ribbon cutting at the newly built U.S. Coast Guard Headquarters building. The opening of the new facility marks the completion of the first phase of the consolidation project on St. Elizabeths west campus.
Secretary Napolitano and GSA Administrator Tangherlini were joined by U.S. Senate Homeland Security & Governmental Affairs Committee Chairman Senator Tom Carper, and House Subcommittee on Economic Development, Public Buildings and Emergency Management Ranking Member Congresswoman Eleanor Holmes Norton, DC Mayor Vincent Gray, DC Ward 8 Councilmember Marion Barry, and U.S. Coast Guard Commandant Admiral Robert Papp Jr. to unveil the new facility, pictured above.
Read more about the opening of the new DHS headquarters here.