On May 15, the Department of Homeland Security released its long-awaited Cybersecurity Strategy.
The Strategy aims to reduce cybersecurity risk through “an innovative approach that fully leverages our collective capabilities across the Department and the entire cybersecurity community.” It sets a course of cybersecurity policy for the Department for the next five years and signals a more assertive approach to cyber vis-à-vis other agencies by setting forth clearer consequences for agencies that don’t adopt best practices. It also fleshes out an initiative for DHS to engage the private sector more actively and share cybersecurity tools directly with industry, especially critical infrastructure sectors such as hospitals, information technology, health care, transportation systems and chemical plants.
The Strategy organizes itself around five pillars: Risk Identification, Vulnerability Reduction, Threat Reduction, Consequence Mitigation, and Enable Cybersecurity Outcomes.
Within the pillars are seven “goals”: 1. Assess Evolving Cybersecurity Risks, 2. Protect Federal Government Information Systems, 3. Protect Critical Infrastructure, 4. Prevent and Disrupt Criminal Use of Cyberspace, 5. Respond Effectively to Cyber Incidents, 6. Strengthen the Security and Reliability of the Cyber Ecosystem, 7. Improve Management of DHS Cybersecurity Activities.
The Strategy notes that end-to-end encryption, anonymous networks, online marketplaces, and cryptocurrencies are among the cybersecurity issues where DHS needs to improve its performance.
If you’d like more information on the Strategy, and you don’t have time to review the full 35-page document linked above, try the Department’s fact sheet on the subject.
Putting it Into Practice: While parts of the Strategy are focused only on governmental issues such as election security that have little immediate relevance for the average company, it signals that the Department is going to engage more on cybersecurity with private industry. Companies should look for opportunities to take advantage of the resources and assistance the Department will offer. Moreover, because DHS is the lead cybersecurity agency for the entire federal government, the general themes and approaches it takes toward cybersecurity can be instructive to anyone tracking where the government is headed on cybersecurity, or looking to improve their own program.