U.S. Department of Homeland Security (DHS) National Protection and Programs Directorate (NPPD) Office of Cybersecurity and Communication Assistant Secretary Jeanette Manfra addresses DHS’ ongoing and collaborative efforts to strengthen the cybersecurity of the Nation’s critical infrastructure.
DHS S&T has awarded 418 Intelligence Corporation of Herndon, Virginia $350,000 to develop a forecasting platform that will help critical infrastructure owners and system operators share and keep abreast of the latest developments in cybersecurity protection.
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded StackRox, Inc. of Mountain View, California, a $200,000 contract to harden the cyber defenses of financial institutions.
As Secretary of Homeland Security, I am often asked “who’s responsible within the federal government for cybersecurity? Who in the government do I contact in the event of a cyber incident?”
Secretary Johnson today hosted U.S. Reps. Michael McCaul and John Ratcliffe at DHS’ National Cybersecurity and Communications Integration Center (NCCIC) to officially deploy a system to exchange cyber threat indicators between government and the private sector at machine speed.
Cyber threats to critical infrastructure remain one of our Nation’s most serious security and economic sustainability challenges. With over 80 percent of critical infrastructure owned by the private sector, and with millions of cyber-dependent equities owned by individuals or federal, state, local, tribal, and territorial (SLTT) entities and agencies, securing cyberspace must be achieved collaboratively. Exercises are critical to testing this coordination, and more importantly, to building and maintaining strong relationships among the cyber incident response community.
The Department of Homeland Security (DHS) works closely with the Department of Energy (DOE) and the electric sector to ensure the security, resilience, and reliability of the U.S. power grid. Additionally, many American utility providers have invested heavily in both cyber and physical security. While the U.S. power grid is highly resilient, it’s important for owners and operators of electric and other critical infrastructure sector assets to be aware of this particular threat and to implement mitigation steps that will reduce their vulnerabilities to similar cyber-attacks and other malicious activity employing these tactics, techniques, and procedures. To be clear, this threat applies to any sector that uses industrial control systems, not just the electric sector.
Today the Department of Homeland Security, with the Department of Justice, issued guidelines and procedures, required by the Cybersecurity Act of 2015.
Many cyber attacks can be identified—and prevented—by sharing information about unique attack attributes, also known as indicators. A cyber threat indicator might include unique attributes of a spearphishing e-mail, such as the subject line or sending computer; or it might be a specific piece of software known to contain malicious code.