DHS responds to release of Cybersecurity National Action Plan
On February 10, DHS Deputy Under Secretary for Cybersecurity and Communications Phyllis Schneck and NPPD Under Secretary Suzanne Spaulding released the folloinwg statement in response to the White House’s Cybersecurity National Action Plan:
Yesterday, the White House announced the Cybersecurity National Action Plan (CNAP), an important new initiative to bolster our Nation’s cybersecurity. Cybersecurity is one of the Department of Homeland Security’s highest priorities, and we’ve recently made significant progress increasing the cybersecurity posture of our government, our citizens, and our critical infrastructure.
Strengthening Federal Cybersecurity
DHS has enhanced federal cybersecurity by expanding our EINSTEIN and Continuous Diagnostics and Mitigation (CDM) programs. As directed by Congress, EINSTEIN 3 Accelerated—which strengthens perimeter defense for federal civilian agencies by detecting and blocking known cyber threats, including classified threats—will protect all federal civilian agencies by the end of 2016. DHS is also piloting an analytic-based “reputation scoring” system as part of EINSTEIN which will prioritize indicators by likely severity and identify new potential threats. By the end of 2016, all federal civilian agencies will also have implemented CDM Phase 1, which detects vulnerabilities in computers and software and prioritizes these risks, enabling agencies to fix the most severe vulnerabilities first. DHS will also increase its federal civilian cyber defense teams from 10 to 48. These teams will respond to incidents, conduct “red team” penetration testing, proactively hunt for intruders on federal networks, and help agencies design more secure systems.
DHS is developing a cadre of cybersecurity professionals to defend our Nation’s networks. The Department has expanded access to the Federal Virtual Training Environment—an online, on-demand training system that provides access to cybersecurity curricula—to federal, state, local, tribal, and territorial government employees and U.S. veterans. DHS hosts the National Initiative for Cybersecurity Careers and Studies website, a searchable catalogue of cybersecurity training, education, and career opportunities, and offers a Cyber Student Volunteer Initiative for college students pursuing cybersecurity-related degrees in which they participate in hands-on cybersecurity work as well as mentoring and professional development activities. The Department also co-sponsors CyberCorps Scholarship for Service and the National Centers for Academic Excellence in Cybersecurity Program, both of which are intended to produce a pipeline of cybersecurity professionals.
The CNAP calls for a new public awareness campaign to encourage Americans to use multi-factor authentication for their online accounts. This campaign will build upon the success of DHS’s Stop.Think.Connect. campaign, which promotes safe online behavior and practices. Since 2010, the Campaign has increased Americans’ understanding of cyber threats and empowered them to be safer online through partnerships, audience-specific resources, and events like National Cyber Security Awareness Month.
Enhancing Critical Infrastructure Security and Resilience
DHS encourages critical infrastructure owners and operators to manage cyber risk by adopting the NIST Cybersecurity Framework. The Department’s Critical Infrastructure Cyber Community Voluntary Program supports the practical application of the Framework by facilitating access to free technical assistance, tools, and related resources. In support of this effort DHS will host nearly 180 events throughout 2016. DHS will also increase the number of Cybersecurity Advisors available to assist critical infrastructure entities.
Recognizing that cyber threat information sharing is essential to the protection of critical infrastructure, the Department has made significant progress improving the scale, scope, and speed of its information sharing initiatives. Among these many achievements: the Cyber Information Sharing and Collaboration Program has expanded to more than 160 private sector participants; the Enhanced Cybersecurity Services program has expanded beyond critical infrastructure entities to all U.S.-based public and private organizations, added a third service offering and a fourth Commercial Service Provider; and DHS recently selected the University of Texas at San Antonio as the Information Sharing and Analysis Organization Standards Organization, which will publish a first draft of best practices this summer. As mandated by Congress, DHS is also relaunching its Automated Indicator Sharing initiative this month, which will enable the exchange of cyber threat indicators between private sector entities and the government at machine speed, allowing participants to mitigate cyber threats on their networks in near-real-time while protecting Americans’ privacy and civil liberties.
In addition, DHS is working with Congress to further strengthen our efforts to protect critical infrastructure by transitioning the National Protection and Programs Directorate to a new operational component called Cyber and Infrastructure Protection, which includes elevating the National Cybersecurity and Communications Integration Center to the Assistant Secretary level and more fully enlisting our field forces to greatly expand our ability to help businesses manage cyber risks.
The CNAP is an important strategy to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security. These are important priorities for DHS, and we will continue to further our efforts to ensure a safer and more secure cyberspace.