Protecting Our Federal Networks Against Cyber Attacks

Information technology provides both government and the private sector with an efficient and timely means of delivering essential services around the world.  However, the same technology that links these services also puts them at risk. 

In order to better protect our network systems from cyber attacks the Department of Homeland Security stood up the National Cyber Security Division (NCSD) in 2004. Since then, NCSD has partnered with government, industry and academia as well as the international community to make cybersecurity a national priority and to reinforce that it is a shared responsibility.

The National Security Presidential Directive 54/Homeland Security Presidential Directive 23 was issued on January 2, 2008, which established the Comprehensive National Cybersecurity Initiative (CNCI). The CNCI formalizes a series of continuous efforts to further safeguard our federal government systems from cyber threats and attacks. Under the CNCI, the Department has the lead in a number of areas. At the national level the CNCI focuses on three key areas:

• Establish a frontline defense to reduce current vulnerabilities and prevent intrusions;
• Defend against the full spectrum of threats by using intelligence and strengthening supply chain security; and
• Shape the future environment by enhancing our research, development and education as well as investing in leap-ahead technologies.

As part of, and in addition to, its role in the CNCI, the Department has responsibility for assuring the security, resiliency and reliability of the nation's information technology (IT) and communications infrastructure. The Department has focused its resources on improving the people, processes and technology necessary to prevent future attacks and intrusion attempts by:

• Hiring additional personnel for the U.S. Computer Emergency Readiness Team (US-CERT) the Department's 24x7 watch and warning center for the federal government's Internet infrastructure.  US-CERT, is charged with providing response support and defense against cyber attacks for the Federal Civil Executive Branch (.gov) and information sharing and collaboration with state and local government, industry and international partners. 
• Expanding the EINSTEIN Program to all federal departments and agencies.  This will provide government officials with an early warning system to gain better situational awareness, earlier identification of malicious activity and a more comprehensive network defense. The EINSTEIN Program helps identify unusual network traffic patterns and trends which signal unauthorized network traffic so security personnel are able to quickly identify and respond to potential threats.  In collaboration with the Department of Homeland Security Chief Information Officer, NCSD is in the process of deploying Einstein 2 to the Department.  Subsequent phases will include deployments to other Federal Executive Branch Departments.
• Consolidating the number of external connections to less than 100 by the end of 2009, including Internet points of presence for the federal government Internet infrastructure, as part of the Office of Management and Budget’s (OMB) " Trusted Internet Connections Initiative," will more efficiently manage and implement security measures to help bring more comprehensive protection across the federal .gov domain.
• Creating the National Cybersecurity Center in March 2008 furthered our progress in addressing cyber threats and by coordinating and integrating information across the interagency.  This center brings together federal cybersecurity organizations, by virtually connecting and in some cases, physically collocating personnel and resources to gain a clearer understanding of the overall cybersecurity picture of federal networks.  The Center has coordinating authority and is responsible for situational awareness and reporting across the .mil, .gov and .ic domains.
• Expanding the National Cyber Investigative Joint Task Force (NCIJTF) to include representation from the U.S. Secret Service and several other federal agencies. This existing cyber investigation coordination organization overseen by the Federal Bureau of Investigation will serve as a multi-agency national focal point for coordinating, integrating and sharing pertinent information related to cyber threat investigations.
• Working towards a stronger supply chain defense to reduce the potential for adversaries to manipulate IT and communications products before they are imported into the U.S. To address this challenge, the federal government is exploring protections into our federal acquisition process and developing a multi-faceted strategy to reduce risk at the most appropriate stage of the IT and communications product lifecycle. 
• Facilitating coordination and information sharing between the federal government and private sector to reduce cyber risk, disseminate threat information, share best practices and apply appropriate protective actions as outlined within the National Infrastructure Protection Plan (NIPP) framework. For example, the Department created a Control Systems Vulnerability Assessment Tool to help all critical infrastructure sectors assess certain policies, plans and procedures currently in place to reduce cyber vulnerabilities and leverage recognized standards. Building upon previous efforts and relationships with the private sector, the CNCI Project 12 Report, Improving Protection of Privately Owned Critical Network Infrastructure through Public-Private Partnerships, presents a series of recommendations and milestones that the Department is partnering with industry to achieve.
• Partnering with academia and industry to expand cyber education for all U.S. government employees, particularly those who specialize in IT, and enhance worksite development and recruitment strategies to ensure a knowledgeable workforce capable of dealing with the evolving nature of cyber threats.