One of the Department of Homeland Security’s priorities in cybersecurity is supporting small and medium-sized businesses. Like their larger counterparts, small and medium businesses frequently house sensitive personal data, and proprietary and financial information. And they are increasingly becoming targets for cyber criminals who recognize that smaller businesses may be easier to penetrate as they may lack the institutional knowledge and resources that larger companies have to protect their information.
DHS and our federal partners have dedicated significant resources to helping small and medium businesses improve their cybersecurity. Earlier this year, we put out a request for information to help us assist small and medium businesses adopt the NIST Cybersecurity Framework, a set of voluntary standards, guidelines, and practices. The Framework and the Department’s C3 Voluntary Program are designed to move cybersecurity from an afterthought in the IT budget of many businesses to an investment in risk mitigation based on potential consequences. Cybersecurity should be a discussion in every boardroom, independent of company size. By working together with the private sector, we can drive markets and innovation through economies of scale to deliver the best cybersecurity to all of our companies and citizens.
We have also worked with the Federal Communications Commission and others to develop a Small Biz Cyber Planner, a tool for businesses to create custom cybersecurity plans. The planner includes information on cyber insurance, advanced spyware, and how to install protective software. In addition, the Cybersecurity for Small Business training course, offered by the U.S. Small Business Administration, covers the basics of cybersecurity and information security, including the kind of information that needs to be protected, common cyber threats, and cybersecurity best practices.
The private sector provides various tools and resources for small and medium business owners as well. Internet Essentials for Business 2.0 is a guide for business owners, managers, and employees developed by the U.S. Chamber of Commerce. The guide focuses on identifying common online risks, best practices for securing networks and information, and what to do when a cyber incident occurs. The DHS Stop.Think.Connect.TM campaign recently added the National Association of Women Business Owners (NAWBO) as a partner to help us raise awareness amongst business owners about the importance of cybersecurity.
Every company is at risk. We must all budget and plan for the ability to keep operations running while we recover from an attack or attack attempt. The cyber adversaries are everywhere, and they prey on the uninformed and the complacent. If you are a business owner, we encourage you to take a few simple steps to improve your company’s cybersecurity. These include:
- Use and regularly update anti-virus and anti-spyware software on all computers; automate patch deployments across your organization to protect against vulnerabilities.
- Secure your Internet connection by using a firewall, encrypting information and hiding your Wi-Fi network.
- Establish security practices and policies to protect sensitive information; educate employees about cyber threats and how to protect your organization’s data and hold them accountable to the Internet security policies and procedures.
- Require that employees use strong passwords and regularly change them.
- Invest in data loss prevention software for your network and use encryption technologies to protect data in transit.
- Protect all pages on your public-facing websites, not just the checkout and sign-up pages.
- Consider cybersecurity as part of your overall corporate risk, and govern cybersecurity with a policy that comes from the Boardroom – and is part of your culture.
- Think about new and innovative ways to enhance cybersecurity and drive your business while you protect it.
For more information on National Cyber Security Awareness Month, visit www.dhs.gov/national-cyber-security-awareness-month-2014.
I am pleased to present the Privacy Office’s 2014 Annual Report to Congress, highlighting our achievements during the past year, from July 2013 to June 2014.
Earlier this year, the Privacy Office celebrated a decade of excellence marked by significant accomplishments, including:
- DHS’s Privacy Impact Assessment Official Guidance has become a model for other agencies and foreign countries.
- Publishing a directive on the Department’s operational use of social media, setting the standard for how other agencies embrace this technology.
At the beginning of its second decade, the Privacy Office spearheaded a briefing of the DHS Data Framework Project for the White House’s Big Data and Privacy Study, Big Data: Seizing Opportunities, Preserving Value, and contributed significantly to a chapter on the DHS Data Framework, illustrating how federal agencies can use technology to protect privacy.
We know that technology and innovation will continue to drive the development of new processes, ideas, and programs that help keep our nation safe. DHS must continue to adapt and respond thoughtfully with new policies and protections, with greater speed and efficiency.
In order to stay ahead of these challenges, the Department, especially the Privacy Office, must remain focused on the following priorities:
- Renewing our emphasis on being responsible stewards for the personal data of citizens and non-citizens alike;
- Critically assessing new systems and programs while working collaboratively with the operators and system designers to develop robust privacy protections;
- Expanding our service as a consultative organization that identifies, explores, and develops best practices for privacy and transparency;
- Continuing to mature and strengthen the privacy enterprise by setting and raising the bar for transparency;
- Increasing our engagement with the privacy community; and
- Modernizing privacy protections in some of DHS’s legacy IT systems.
Our work is never done. We will continue to ensure that DHS remains committed to protecting the privacy of all individuals, and to providing the highest level of transparency and accountability.
It is my hope and expectation that in the course of decades to come, the Privacy Office and the Department as a whole will be even more widely celebrated in its efforts to preserve our values as well as we protect the homeland.
Learn more about the Privacy Office.
We all are increasingly reliant on the Internet. Not just when we’re on a laptop or smart phone. The underlying critical infrastructure that provides essential services to all of us also is becoming more dependent on the internet. While these cyber-dependent networks and devices offer greater convenience and efficiency, they also come with potential risks and threats to our security.
DHS recognizes that these emerging cyber threats require the engagement of our entire society – from government to the private sector and members of the public. Pursuant to the President’s Executive Order 13636: Improving Critical Infrastructure Cybersecurity, the National Institute for Standards and Technology developed and released a Cybersecurity Framework, a collection of cybersecurity standards available to critical infrastructure owners and operators and governments. To help entities implement the Framework, DHS launched the C3 Voluntary Program. This public-private partnership assists businesses of all sizes, and at all levels, from the board room to the IT department and everyone in between, as well as government, educational institutions, and households all across the country, to become more secure online.
Consumers play an important role in helping to secure critical infrastructure not only by practicing good cyber hygiene themselves, but also by becoming well-informed about whether the companies and organizations they do business with adhere to high cybersecurity standards.
On an individual basis, consumers can:
- Beware of requests to update or confirm personal information online. Most organizations do not ask for personal information over email.
- Make sure websites that ask for personal information (e.g., to pay a utility bill) use encryption to secure their sites.
- Learn about steps to enhance security and resilience in local businesses and communities.
By working together, we can protect the critical infrastructure on which we all we rely, keeping ourselves, our families, and our communities safer and more secure from threats both physical and cyber.
Visit www.dhs.gov/national-cyber-security-awareness-month-2014 for more information about National Cyber Security Awareness Month.
I was extremely proud to join with my colleagues today from across the Department of Homeland Security, including the Federal Emergency Management Agency (FEMA), as we engage many of our friends in the 2014 Public Private Partnerships Conference. We are meeting with a wide range of public and private sector partners, such as the United States Northern Command and the U.S. Chamber of Commerce, to discuss the significant ways we have worked together and how we plan on building on our successes to create a stronger, more resilient, Nation.
The 2014 “Building Resilience through Public-Private Partnerships” conference is a forum that allows for the sharing of ideas, best practices and lessons learned with our partners throughout academia, government, the private sector, and internationally. This year’s conference includes key speeches from Secretary of Homeland Security Jeh Johnson, FEMA Administrator Craig Fugate, U.S. Chamber of Commerce Foundation Executive Vice-President Al Martinez-Fonts Jr., and CEO of the Weather Channel David Kenny.
The discussions over the course of the day and a half, and the relationships that will be forged and strengthened, will go a long way toward ensuring safe, secure and resilient communities where our way of life can thrive.
Over the years, as we’ve faced many challenges from natural disaster or from others who look to harm our Nation, we have found that challenges are best met and handled through partnerships across Federal, state and local governments, the private sector, and non-profit and faith-based organizations.
The 2014 conference is highlighting successful partnerships across the homeland security enterprise and identifies ways to ensure a true unity of effort toward shared goals. Each year, the conference attracts over 450 participants who look to promote innovation in furthering ongoing partnerships across the enterprise. Just a few of the topics of discussion this year include: “The Evolving Threat Environment,” “Bridging the Cyber-Physical Connection,” “Public-Private Partnerships in Action,” and “Business Continuity and Corporate Philanthropy: Why Resilience is Good for the Corporate Will.”
For additional information, visit the 2014 Building Resilience through Public-Private Partnerships Conference page and remember to follow us on Twitter at: #PPPConf
Information technology (IT) exists in almost all of the products that we use. IT products help us run our homes, businesses, and cities and help us to stay in touch with loved ones around the world. As we embrace new technologies, we must acknowledge the security challenges and potential threats that inadvertently accompany them. An entire industry has been developed to help secure these products, including anti-virus software and malware detectors, security services firms, and offices dedicated to protecting information technology.
As software becomes more complex, discovering vulnerabilities within these systems also becomes more difficult. For example, the recent Heartbleed vulnerability existed within popular encryption software for two years before it was discovered.
Not every household or company is able to ‘employ’ cyber professionals to ensure that their IT products are secure. Therefore, during National Cyber Security Awareness Month, we are looking at the importance of securely developing IT products to decrease the number of vulnerabilities in software as it is built. This involves following a software development lifecycle and adding security features, like encrypting information and requiring strong passwords. Building software so that it is secure from the beginning helps us all.
Government and industry groups must work together in this endeavor, setting and maintaining high cybersecurity standards across all critical infrastructure industries. In this spirit, the Department of Homeland Security (DHS) developed the Software Assurance Program, which seeks to reduce software vulnerabilities, minimize exploitation, and address ways to improve the routine development and deployment of trustworthy software products. Through a public-private partnership, the Software Assurance Program is designed to spearhead the development of practical guidance and tools and to promote research and development investment in cybersecurity.
Regardless of how secure our IT products are, everyone has a role to play in protecting our cybersecurity. Individual users can and should take a few steps to improve their cybersecurity. For instance, when purchasing software or hardware, consumers should:
- Install and maintain vendor-distributed patches or updates
- Ensure they are using the latest operating systems on their computers and mobile devices
- Use strong passwords
To learn more about software and applications, visit the US-CERT tips and advice page.
Secure IT products also do not excuse people from practicing unsafe online behavior. I encourage everyone to stop and think about the choices they make when online, and to connect with care and caution. For general online safety tips and resources, visit the Stop.Think.Connect.™ campaign resource guide.
I also encourage people to consider a career in cybersecurity. The country is in need of a strong cybersecurity workforce to help build the secure IT products of the future. Learn more about cyber careers at www.dhs.gov/join-dhs-cybersecurity.
To learn more about National Cyber Security Awareness Month 2014, visit www.dhs.gov/national-cyber-security-awareness-month-2014.
This week marks the start of National Cyber Security Awareness Month 2014, a time to reflect on our cybersecurity practices and promote greater online safety for all Americans. Thanks to technology, the world is more interconnected than ever before. Through the Internet, people across the globe can connect to each other and conduct more of their business and personal activities online. People can bank exclusively online, stay in touch with family and friends, control their homes and cars from their smartphones, and work remotely from almost anywhere. But with the convenience of the Internet also comes potential threats to our personal information and security.
Being online exposes us to cyber criminals and others who commit identity theft, fraud, and harassment. Every time we connect to the Internet – at home, at school, at work, or on our mobile devices – we make decisions that affect our cybersecurity. Emerging cyber threats require engagement from the entire American community to create a safer cyber environment—from government and law enforcement to the private sector and, most importantly, members of the public.
National Cyber Security Awareness Month is designed to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cybersecurity and increasing the resiliency of the nation in the event of a cyber incident. Throughout this month, DHS and its partners will host numerous events across the country and distribute of resources and materials to the public. Year-round, we also engage the public through the Stop.Think.Connect.™ campaign to encourage Americans to practice safe online behavior.
Organizations can support National Cyber Security Awareness Month by hosting an event in their community or distributing cybersecurity tips and resources such as the Stop.Think.Connect.™ toolkit.
With a few simple steps, all Internet users can improve their cyber hygiene during October and throughout the year. These include:
- Set strong passwords and don’t share them with anyone.
- Keep your operating system, browser, and other critical software optimized by installing updates.
- Maintain an open dialogue with your family, friends, and community about Internet safety.
- Limit the amount of personal information you post online and use privacy settings to avoid sharing information widely.
- Be cautious about what you receive or read online—if it sounds too good to be true, it probably is.
Stay tuned for news and events throughout National Cyber Security Awareness Month. For more information, visit http://www.dhs.gov/national-cyber-security-awareness-month-2014.
Posted by: Mike Kangior, Senior Director of Resilience Policy & Matt Fuchs, Deputy Director of Resilience Policy
Yesterday, the Department of Homeland Security (DHS) recognized the nation’s first recipients of Resilience STARTM designations during a ceremony hosted by the Insurance Institute for Business & Home Safety (IBHS). The Resilience STARTM Home Pilot Project is part of the Department’s continuing effort to work with our state, local, and private sector partners to ensure our local communities are resilient in the face of all disasters.
Yesterday’s ceremony recognized homeowners who have met the goals of the DHS Resilience STARTM Pilot Project, which promotes home design features that are both affordable and proven to enhance resilience to disasters such as hurricanes. Earlier this year, DHS began soliciting applications from builders, homeowners, and third-party evaluators to participate in the Pilot Project. Several hurricane-prone coastal communities in Alabama and Mississippi were chosen for the projects, and the pilot homes were built or retrofitted, and evaluated by independent third parties to ensure that homes meet IBHS standards for structural resilience.
The Resilience STARTM designation is given to homes that are built or retrofitted to withstand damage from specific natural disasters, utilizing the standards and third-party verification process in the IBHS FORTIFIED HomeTM program. The FORTIFIED standards are designed to improve the quality of residential construction and feature practical, meaningful solutions for new and existing homes throughout the United States.
Through initiatives like the Resilience STARTM Home Pilot Project, we can continue to increase the readiness and resilience of our communities. In the coming months, it is anticipated that DHS will launch additional pilot projects.
For more information on the Resilience STAR™ Home Pilot Project, visit https://www.disastersafety.org/resilience-star/.
Posted by Megan H. Mack, Officer for Civil Rights and Civil Liberties
Being able to communicate efficiently and effectively is critical to the Department of Homeland Security’s diverse missions. Today, I am pleased to announce the release of draft Language Access Plans from the Department’s component agencies, which address the language needs of persons with limited English proficiency.
These Language Access Plans, developed pursuant to Executive Order 13166, Improving Access to Services for Persons with Limited English Proficiency and the DHS Language Access Plan issued in February 2012, provide a framework for the Department’s components and offices to improve our delivery of language services for diverse communities across the country.
The Department is now seeking the public’s input to ensure that we are providing meaningful access to our programs and activities for our stakeholders, including persons with limited English proficiency and the organizations that represent them. Your input will assist us in continuing to develop approaches to ensure meaningful access by persons with limited English proficiency that is “practical and effective, fiscally responsible, responsive to the particular circumstances of [DHS], and can be readily implemented.”
The following components and offices have draft plans available for your comments: Federal Emergency Management Agency, Transportation Security Administration, U.S. Citizenship and Immigration Services; U.S. Coast Guard, U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, U.S. Secret Service, Office of Civil Rights and Civil Liberties Office of Inspector General; National Protection and Programs Directorate, Federal Protective Services, and the Office of the Citizenship and Immigration Services Ombudsman.
DHS welcomes your feedback from now through October 31, 2014, by providing written comment or through participating in stakeholder engagement meetings. The Office of Civil Rights and Civil Liberties, together with representatives from across the Department and the federal government, will review your comments and work to implement your suggestions in the final version of the plans.
We are proud of the work the Department has done to address the critical language needs of our country’s diverse landscape. The Office of Civil Rights and Civil Liberties will continue to support the Department’s goal to ensure that all individuals can meaningfully participate in DHS programs and activities through language access.
To learn more about the draft DHS Language Access Plans and to find opportunities to provide input at one of the stakeholder meetings, please contact email@example.com. CRCL has access to interpreters and translators and can communicate with you in any language, for those who do not speak or write in English.
Editors Note: This was originally posted on the U.S. Coast Guard Mid Atlantic's official blog
Posted by U.S. Coast Guard PA3 David Weydert
The Coast Guard Jayhawk helicopter banked hard, flying around the last reported location of the distressed swimmer. The eyes of the helicopter crew were glued to the water, searching for any sign of splashing or movement. The crew’s newest member, Isaac Simmons started pointing and yelling over the headset.
“I see him! I see him,” shouted Simmons as he spotted the distressed swimmer.
“That’s not what we say, what do we say Isaac?” asked Petty Officer 2nd Class Roderick Ansley, the crew’s rescue swimmer.
“Oh yeah, mark, mark, mark,” exclaimed Simmons.
Ansley was cutting Simmons a little slack as Isaac Simmons is only 7-years-old.
Over the weekend Coast Guard Base Elizabeth City partnered with the Make-A-Wish Foundation to welcome the newest Coast Guard rescue member, Isaac Simmons of Archdale, North Carolina. Isaac lives with a rare heart condition called Hypo-Plastic Right Heart, but that didn’t slow him down as he lived out his dream of being part of a Coast Guard rescue helicopter crew.
“Isaac has been telling us for several years that he wants to be a rescue pilot. It’s been amazing,” said Elizabeth Simmons, Isaac’s mother. “We thought [the Coast Guard] was just going to show him around, we didn’t know he would be getting into a plane!”
Isaac’s adventure began Saturday at the air station when he met with Coast Guard helicopter pilots and crew in preparation for his flight. The rescue swimmers presented Isaac with a personalized, miniature flight suit and the safety gear he needed.
The flight with Isaac was planned as a routine patrol down North Carolina’s Outer Banks. His flight took him over waving Coast Guard Facebook and Twitter fans who followed Isaac’s adventure throughout the day. During the flight, a sudden distress call came in reporting a troubled swimmer, played by the base’s chaplain unbeknownst to Isaac, needed an immediate rescue. The helicopter pilots diverted course to assist. Arriving on scene, Isaac spotted the chaplain and helped in deploying the crew’s rescue swimmer. Isaac watched firsthand the coordination and teamwork needed to hoist someone aboard the helicopter. He then helped provide first-aid before landing at a local hospital, Isaac himself carefully walked the rescued chaplain down the path, guiding him to safety.
Upon his return to the air station, Isaac was greeted by a cheering crowd and the air station’s commanding officer who welcomed him back and presented him with awards and a set of naval aviator wings.
On day two of his adventure, Isaac toured the Aviation Technical Training Center where he learned what it takes to become an aviation crewmember. He then experienced being rescued by Coast Guard rescue swimmers, learned how the electronics worked within the helicopter with Coast Guard aircraft electricians and got into the nitty-gritty with Coast Guard aircraft mechanics. At the end of the day, Isaac was presented with three honorary degrees in the aviation fields by the school’s commanding officer.
“All this was amazing. The Coast Guard here went above and beyond everything that we thought could happen,” said Ryan Simmons, Isaac’s father. “Everybody was wonderful, and this has just been a great experience and the time of his life.”
For more photos and captions, please visit: http://www.dvidshub.net/image/1520754/coast-guard-dream-becomes-reality-...
For a recap of the live Facebook posts, please visit: www.facebook.com/uscgmidatlantic
When I became Under Secretary for Science and Technology this past spring, I was humbled and honored to be a part of such a distinguished organization as the Department of Homeland Security (DHS) Science and Technology Directorate (S&T). I was immediately impressed with the passion the S&T staff displayed in regards to the importance of our mission and how it affects the security of our nation today and in the future.
As the primary research and development arm of DHS, S&T is dreaming big – looking 20 to 30 years out, or even further, to define core “North Star” visionary goals for the future. And we need your insights – your best thinking.
Over the past several months, the S&T team has developed and refined proposed visionary goals that are based solidly on the policies and priorities of the White House, the 2014 Quadrennial Homeland Security Review, and the DHS Secretary. We’ve posted these goals on the S&T Collaboration Community and invite your input.
Based on what we know of today’s homeland security environment, what do you think the future will look like in 20 to 30 years? What should S&T plan to tackle now to ensure the nation is more resilient and secure in the future?
This is what we are working with our partners across the entire homeland security mission space to define – our ultimate end state, our “North Star.” When finalized, S&T’s Visionary Goals will help lay the foundation for the creation of a new strategic plan.
We encourage you to join the discussion and:
- Provide insights into each of the proposed visionary goals.
- Add new visionary goals for consideration (Click on “Submit New Idea” on this page).
- Share your ideas and perspectives and comment on others’ ideas through the comment features.
All comments provided during this comment period will be reviewed by the working group and incorporated, where possible, into the final S&T Visionary Goals – to be released in early Fall. The S&T Collaboration Community site will be open for comment through Sept. 7, 2014.
Make your voice heard – share your best thinking so together we can set a path to a stronger, safer, more resilient future.