Our daily life, economic vitality, and national security depend on a stable, safe, and resilient cyberspace.
Cyberspace and its underlying infrastructure are vulnerable to a wide range of risk stemming from both physical and cyber threats and hazards. Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services.
On November 16, 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. This landmark legislation elevates the mission of the former National Protection and Programs Directorate (NPPD) within DHS and establishes the Cybersecurity and Infrastructure Security Agency (CISA). CISA builds the national capacity to defend against cyber attacks and works with the federal government to provide cybersecurity tools, incident response services and assessment capabilities to safeguard the ‘.gov’ networks that support the essential operations of partner departments and agencies.
For cybersecurity, CISA's main focus areas include:
- Combatting Cyber Crime and Cyber Incident Response
- Securing Federal Networks, Protecting Critical Infrastructure, and providing Cybersecurity Governance
- Promoting Information Sharing, Training and Exercises, and Cyber Safety information
Vulnerability Disclosure Program
The Vulnerability Disclosure Program (VDP) is the digital embodiment of "If You See Something, Say Something®. Part of the SECURE Technology Act, the program establishes a relationship between security researchers and the Federal Government to identify and disclose potential cybersecurity vulnerabilities.
DHS recognizes that security researchers are essential to protecting organizations and the Internet as a whole. Therefore, DHS invites reports of any vulnerabilities discovered on all internet-accessible DHS information systems, applications, and websites.
- allows the individuals, organizations, and companies who discover vulnerabilities in the information systems of DHS to report their findings to the DHS; and
- gives DHS first insight into newly discovered vulnerabilities within our VDP scope.
The information submitted to DHS using this form will be used for mitigation of cybersecurity vulnerabilities.
- Report a vulnerability using the Vulnerability Disclosure Form
- Vulnerability Disclosure Program Policy and Rules of Engagement