The Department of Homeland Security and its components play a lead role in strengthening cybersecurity resilience across the nation and sectors, investigating malicious cyber activity, and advancing cybersecurity alongside our democratic values and principles.
President Biden has made cybersecurity a top priority for the Biden-Harris Administration at all levels of government. To advance the President’s commitment, and to reflect that enhancing the nation’s cybersecurity resilience is a top priority for DHS, Secretary Mayorkas issued a call for action dedicated to cybersecurity in his first month in office. This call for action focused on tackling the immediate threat of ransomware and on building a more robust and diverse workforce.
In March 2021, Secretary Mayorkas outlined his broader vision and a roadmap for the Department’s cybersecurity efforts in a virtual address hosted by RSA Conference, in partnership with Hampton University and the Girl Scouts of the USA.
After his presentation, the Secretary was joined by Judith Batty, Interim CEO of the Girl Scouts, for a fireside chat to discuss the unprecedented cybersecurity challenges currently facing the United States. Dr. Chutima Boonthum-Denecke from Hampton University’s Computer Science Department introduced the Secretary and facilitated a Q&A to close the program.
What DHS is Doing
The Cybersecurity and Infrastructure Security Agency (CISA) leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. The agency connects its stakeholders in industry and government to each other and to resources, analyses, and tools to help them fortify their cyber, communications, and physical security and resilience, which strengthens the cybersecurity posture of the nation.
CISA is at the center of the exchange of cyber defense information and defensive operational collaboration among the federal government, and state, local, tribal and territorial (SLTT) governments, the private sector, and international partners. The agency has two primary operational functions. First, CISA is the operational lead for federal cybersecurity, charged with protecting and defending federal civilian executive branch networks in close partnership with the Office of Management and Budget, the Office of the National Cyber Director, and federal agency Chief Information Officers and Chief Information Security Officers. Second, CISA is the national coordinator for critical infrastructure security and resilience, working with partners across government and industry to protect and defend the nation’s critical infrastructure.
- Learn more about how CISA is coordinating DHS’s broad cyber mission.
The Cyber Safety Review Board (CSRB), an independent public-private advisory body administered by DHS through CISA, brings together public and private sector cyber experts/leaders to review and draw lessons learned from the most significant cyber incidents. Under the leadership of the Board’s Chair, DHS Under Secretary for Policy Robert Silvers, and Deputy Chair, Google VP for Security Engineering Heather Adkins, the CSRB recently published its first report on the Log4j software vulnerability. The report included 19 actionable recommendations for the public and private sectors to work together to build a more secure software ecosystem. DHS is already leading by example to implement the recommendations, through CISA guidance and Office of the Chief Information Officer initiatives to enhance open source software security and invest in open source software maintenance.
The Transportation Security Agency (TSA) is charged with securing the nation’s transportation systems, which include aviation, intermodal and surface transportation. The network of surface transportation operators includes highway and motor carriers, freight and passenger railroad carriers, pipeline owners and operators, and mass transit carriers. In close coordination with CISA, TSA uses a combination of regulation and public-private partnerships to strengthen cyber resilience across the broad transportation network. TSA’s efforts include a combination of cybersecurity assessments and engagements; stakeholder education; publication of cybersecurity guidance and best practices; and use of its regulatory authority to mandate appropriate and durable cybersecurity measures.
The United States Coast Guard (USCG) enables operations at sea, in the air, on land and space by delivering effects and capabilities in and through cyberspace. It is the nation’s lead federal agency for securing and safeguarding the maritime domain. In its role as a military, law enforcement, and regulatory agency, the Coast Guard has broad authority to combat cyber threats and protect U.S. maritime interests both domestically and abroad. In support of the Maritime Transportation System (MTS), the Coast Guard continually promotes best practices, identifies potential cyber-related vulnerabilities, implements risk management strategies, and has in place key mechanisms for coordinating cyber incident responses.
The United States Secret Service (USSS) investigates a range of cyber-enabled crime with a particular focus on protecting the nation’s financial infrastructure. The Secret Service cybercrime mission focuses on acts that target and threaten the American financial system, such as network intrusions and ransomware, access device fraud, ATM and point-of-sale system attacks, illicit financing operations and money laundering, identity theft, social engineering scams, and business email compromises. Through the agency’s Cyber Fraud Task Forces (CFTF), the Secret Service brings together critical partners, to include other law enforcement agencies, prosecutors, private industry, and academia, to pursue a comprehensive response to the threat.
Immigration and Customs Enforcement - Homeland Security Investigations (ICE HSI) is a worldwide law enforcement leader in dark net and other cyber-related criminal investigations. HSI's Cyber Crimes Center (C3) delivers computer-based technical services to support domestic and international investigations into cross-border crime. C3's Child Exploitation Investigations Unit (CEIU) is a powerful tool in the fight against the sexual exploitation of children; the production, advertisement and distribution of child pornography; and child sex tourism.
The Office of the Chief Information Officer (OCIO) ensures strong cybersecurity practices within DHS, so that the Department may lead by example. OCIO works with component agencies to mature the cybersecurity posture of the Department as a whole. OCIO continues to secure and strengthen the Department of Homeland Security’s cybersecurity posture by implementing and managing the DHS Information Security Program and ensuring DHS' compliance with applicable federal laws, executive orders, directives, policies, and regulations.
The Office of Policy is leading the whole of federal government effort to coordinate, de-conflict, and harmonize cyber incident reporting requirements through the Cyber Incident Reporting Council. Established under the bipartisan Cyber Incident Reporting for Critical Infrastructure Act, the Council brings together federal departments and independent regulators. Through the Council, the Office of Policy is extensively engaging with private sector stakeholders to ensure that we hear from the stakeholders themselves who will benefit from streamlined reporting requirements to ensure greater quality, quantity, and timeliness.
FY22 Cybersecurity Sprints
In his March 31, 2021, address, Secretary Mayorkas outlined a bold vision for the Department’s cybersecurity efforts to confront the growing threat of cyber-attacks, including a series of 60-day sprints to operationalize his vision, to drive action in the coming year, and to raise public awareness about key cybersecurity priorities.
- Learn more about the FY22 Cybersecurity Sprints
Overview of Additional Ongoing Cybersecurity Priorities
In addition to the series of 60-day sprints, the Secretary will focus on four ongoing priorities: (1) cementing the resilience of democratic institutions, including the integrity of elections and institutions outside of the executive branch, (2) building back better to strengthen the protection of civilian federal government networks, (3) advancing a risk-based approach to supply chain security and exploring new technologies to increase resilience, and (4) preparing for strategic, on-the-horizon challenges and emerging technology such as the transition to post-quantum encryption algorithms.
Fair and free elections are a hallmark of American democracy. The American people’s confidence in the value of their vote is principally reliant on the security and resilience of the infrastructure that makes the Nation’s elections possible. Accordingly, an electoral process that is both secure and resilient is a vital national interest and one of the Department of Homeland Security’s highest priorities. The Department’s Cybersecurity and Infrastructure Security Agency (CISA) is committed to working collaboratively with those on the front lines of elections—state and local governments, election officials, federal partners, and vendors—to manage risks to the Nation’s election infrastructure. CISA will remain transparent and agile in its vigorous efforts to secure America’s election infrastructure from new and evolving threats.
On May 12, 2021, President Biden signed an Executive Order to improve the nation’s cybersecurity and protect federal government networks following recent cybersecurity incidents exploiting SolarWinds and Microsoft Exchange. This Executive Order makes a significant contribution toward modernizing cybersecurity defenses by protecting federal networks, improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthening the United States’ ability to respond to incidents when they occur. DHS encourages private sector companies to follow the Federal government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents.
Most of the actions outlined in the Executive Order are to be implemented by the Department of Homeland Security, namely CISA. In addition, Congress provided CISA with new authorities in the 2021 National Defense Authorization Act (NDAA) and with a down payment to improve the protection of civilian federal government networks with the funding provided through the American Rescue Plan. This ongoing priority will therefore focus on implementing the Executive Order, the NDAA, and the funding provided by Congress in an effective and timely manner.
The Executive Order signed by President Biden in May 2021 focuses on improving software supply chain security by establishing baseline security standards for development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available. It stands up a concurrent public-private process to develop new and innovative approaches to secure software development and uses the power of Federal procurement to incentivize the market. Finally, it creates a pilot program to create an “energy star” type of label so the government – and the public at large – can quickly determine whether software was developed securely.
Too much of software, including critical software, is shipped with significant vulnerabilities that can be exploited by cyber criminals. The Federal Government will use its purchasing power to drive the market to build security into all software from the ground up.
This ongoing priority will focus on implementing this part of the Executive Order.
In his March 31, 2021, speech, Secretary Mayorkas stressed the need for senior leaders to focus on strategic, on-the-horizon challenges and emerging technology. He specifically highlighted the importance of the transition to post-quantum encryption algorithms, pointing out that the transition is as much dependent on the development of such algorithms as it is on their adoption. While the former is already ongoing, planning for the latter remains in its infancy. The government and industry must prepare for it now to protect the confidentiality of data that already exists today and remains sensitive in the future.
Together with its interagency partners, DHS is developing a plan for how the Department can help facilitate this transition. Considering the scale, implementation will be driven by the private sector, but the government can help ensure the transition will occur equitably, and that nobody will be left behind. DHS will focus on three pillars to drive this work forward, working in close coordination with NIST and other Federal and nonfederal stakeholders: (1) Planning for DHS’s own transition to quantum resistant encryption, (2) Cooperating with NIST on tools to help individual entities prepare for and manage the transition, and (3) Developing a risks and needs-based assessment of priority sectors and entities and engagement plan.
- Launch of DHS Guidance, Roadmap, and FAQs in partnership with NIST