The Department continues to improve cybersecurity across all critical information sectors as well as its cyber infrastructure and networks.
Analyzing and Reducing Cyber Threats and Vulnerabilities
DHS is building a world-class cybersecurity team by hiring a diverse group of cybersecurity professionals (computer engineers, scientists, and analysts) to secure the nation’s digital assets and protect against cyber threats to critical infrastructure and key resources. In 2012, Secretary Napolitano announced a new initiative through the Homeland Security Advisory Council, in conjunction with public-private partnerships, to develop an agile cyber workforce across the federal government. The Department has increased its cybersecurity workforce by 500 percent over the past two years.
To improve coordination and oversight, the Department has undergone some reorganization and added resources and capabilities. DHS has centralized its key cybersecurity functions, including the U.S. Computer Emergency Readiness Team (US-CERT) and the National Cyber Security Division (NCSD), under a single Deputy Under Secretary for National Protection and Programs.
On the technology front, DHS has deployed the EINSTEIN 2 capability – an automated cyber surveillance system that monitors federal internet traffic for malicious intrusions and provides near real-time identification of malicious activity – at 15 departments and agencies and at four Managed Trusted Internet Protocol Service providers, which are private internet service providers that assist federal agencies in protecting their computers, networks and information.
Distributing Threat Warnings
In October 2009, DHS opened the National Cybersecurity and Communications Integration Center. This 24-hour watch and warning center serves as the nation’s principal hub for organizing cyber response efforts and maintaining the national cyber and communications common operational picture. DHS also works with the private sector, other government agencies and the international community to mitigate risks by leveraging the tools, tradecraft, and techniques malicious actors use and converting them into actionable information for all 18 critical infrastructure sectors to use against cyber threats.
At the front lines, the U.S. Computer Emergency Readiness Team (US-CERT) has forged vital partnerships with antivirus companies to take proactive measures to stop possible threats from reaching public and private sector partners, developing and sharing standardized threat indication, prevention, mitigation, and response information products with its .gov partners and constituents. In 2011, US-CERT responded to more than 106,000 incident reports, and released more than 5,000 actionable cybersecurity alerts and information products to public and private sector partners.
In 2011, the DHS Industrial Control Systems Computer Emergency Response Team (ICS-CERT) conducted 78 assessments of control system entities, which help the business community identify security gaps and prioritize mitigation measures. DHS also empowers owners and operators by providing a cyber self-evaluation tool, which was used by over 1,000 companies in 2011, as well as in-person and online training sessions.
Cybersecurity Partnerships Expand
The President’s Cybersecurity Policy Review called for “a comprehensive framework to facilitate coordinated responses by Government, the private sector, and allies to a significant cyber incident.” The Department of Homeland Security coordinated the interagency, state and local government, and private sector working group that developed the National Cyber Incident Response Plan, which provides a framework for effective incident response capabilities and coordination between federal agencies, state and local governments, the private sector, and international partners during significant cyber incidents.
Significant DHS interagency partnerships include:
- The Department of Homeland Security and the Department of Defense (DOD) signed a landmark memorandum of agreement in 2010 to protect against threats to critical civilian and military computer systems and networks. The agreement embeds Department of Defense cyber analysts within the Department of Homeland Security and sends a senior Department of Homeland Security official, as well as Department of Homeland Security privacy, civil liberties and legal personnel, to DOD’s National Security Agency.
- The Department hosted Cyber Storm III, a three-day exercise that brought together a diverse cross-section of the Nation’s cyber incident responders – including participation from 13 countries, 11 states and seven federal agencies – to simulate a large-scale cyber attack on critical infrastructure across the nation.
- The Department of Homeland Security, the Department of Defense, and the Financial Services Information Sharing and Analysis Center launched a pilot initiative designed to help protect key critical networks and infrastructure within the financial services sector by sharing actionable, sensitive information.
- The Department implemented the Cybersecurity Partners Local Access Plan, which allows owners and operators of critical infrastructure and key resources, as well as state technology officials and law enforcement officials, to access secret-level cybersecurity information via local fusion centers.
- The Department of Homeland Security and the Office of Management and Budget work cooperatively with agencies across the federal government to coordinate the protection of the nation’s federal information systems through compliance with the Federal Information Security Management Act of 2002.