On May 15, the U.S. Department of Homeland Security (DHS) released a strategy outlining the Department’s approach to identifying and managing national cybersecurity risk. The DHS strategy details a Department-wide approach to address the evolving threats to America’s cyber and critical infrastructure security.
Directed by the National Defense Authorization Act of 2017, this strategy addresses strategic and operational goals and priorities to successfully execute the full range of the DHS Secretary’s cybersecurity responsibilities. The intent is for this strategy to enable the harmonization and prioritization of DHS planning, programming, budgeting, and operational activities across all DHS cybersecurity mission areas. It will focus on coordinating departmental cybersecurity activities to ensure a unity of effort.
“The cyber threat landscape is shifting in real-time, and we have reached a historic turning point,” said DHS Secretary Kirstjen Nielsen. “Digital security is now converging with personal and physical security, and it is clear that our cyber adversaries can now threaten the very fabric of our republic itself. That is why DHS is rethinking its approach by adopting a more comprehensive cybersecurity strategy. In an age of brand-name breaches, we must think beyond the defense of specific assets—and confront systemic risks that affect everyone from tech giants to homeowners. Our strategy outlines how DHS will leverage its unique capabilities on the digital battlefield to defend American networks and get ahead of emerging cyber threats.”
The Department’s strategy sets forth a five-part approach to manage national cyber risk aimed at ensuring the availability of critical national functions and fostering efficiency, innovation, trustworthy communication, and economic prosperity in ways consistent with national values and that protect privacy and civil liberties.
- Risk Identification: Assess the evolving national cybersecurity risk posture to inform and prioritize risk management activities.
- Vulnerability Reduction: Protect federal government information systems by reducing the vulnerabilities of federal agencies to ensure they achieve an adequate level of cybersecurity.
- Threat Reduction: Reduce national cyber threats by countering transnational criminal organizations and sophisticated cyber criminals.
- Consequence Mitigation: Respond effectively to cyber incidents to thereby minimize consequences from potentially significant cyber incidents through coordinated community-wide response efforts.
- Enable Cybersecurity Outcomes: Strengthen the security and reliability of the cyber ecosystem by supporting policies and activities that enable improved global cybersecurity risk management and execute departmental cybersecurity efforts in an integrated and prioritized way.
The goals and objectives set forth in this strategy are designed to ensure that DHS maximizes its unique resources to accomplish impactful policy and operational outcomes. A core guiding principle underlying the DHS strategy approach is collaboration across the cybersecurity community, including with DHS partners in the federal government, state and local governments, industry, and the international community. By working closely with these partners, the Department believes that cyberspace can be made safe and secure enabling the functioning of government, the delivery of essential services, and the betterment of the lives of the American people.