Strengthening cybersecurity in the U.S.

Here, we take a look at the work of the Department of Homeland Security when it comes to strengthening cybersecurity in the U.S., including the Cybersecurity and Infrastructure Security Agency Cybersecurity Division

Daily life, national security and economic vitality and in the U.S. depend on a stable, safe and resilient cyberspace, according to the Department of Homeland Security (DHS).

During November 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. This significant piece of legislation elevates the mission of the former National Protection and Programs Directorate (NPPD) within DHS and sets up the Cybersecurity and Infrastructure Security Agency (CISA).

“CISA builds the national capacity to defend against cyber-attacks and works with the federal government to provide cybersecurity tools, incident response services and assessment capabilities to safeguard the ‘.gov’ networks that support the essential operations of partner departments and agencies.”

One can see that such action is necessary because nation-states and sophisticated cyber actors take advantage of vulnerabilities to steal money and information and are working on capabilities to disrupt, destroy, or threaten vital essential services from being delivered.1

Cybersecurity Division

The CISA Cybersecurity Division leads efforts to protect the federal “.gov” domain of civilian government networks and works with the private sector – the “.com” domain – to heighten the security of critical networks.2 This occurs through the four functions listed below:

The National Cybersecurity and Communications Integration Center (NCCIC) aim to lower the risk of systemic cybersecurity and communications challenges in their role as the U.S.’s flagship cyber defence, incident response and operational integration centre. 3 Since 2009, the NCCIC has served as a national hub for cyber and communications information, technical expertise, operating by means of a 24/7 situational awareness, analysis and incident response centre.

The Stakeholder Engagement and Cyber Infrastructure Resilience (SECIR) division within CISA streamlines strategic outreach to industry partners and government, by leveraging capabilities, information and intelligence and experts to meet stakeholder requirements.4

The Federal Network Resilience (FNR) Division plays a crucial part in providing direct cybersecurity support, communications and coordination to all Federal Executive Branch agencies. Their aim is to transform Federal Government cybersecurity risk management through operational governance and training, as well as encouraging effective collaboration.5

Concerning network security deployment, we know that CISA established the Network Security Deployment (NSD) division to serve as the cybersecurity acquisition and engineering “Center of Excellence” to encompass the entire DHS organisation.6

Currently, Jeanette Manfra is the Assistant Director for Cybersecurity for CISA and as such, she leads the DHS in their mission to strengthen and protect the U.S.’s critical infrastructure from cyber threats. As the sector-specific agency for the IT sectors in the U.S., CISA coordinates national-level reporting that is in keeping with the National Response Framework (NRF).7

Strengthening America’s cybersecurity workforce

When it comes to cybersecurity in the U.S., it’s important to note that in early May 2019, President Trump signed an Executive Order that directs the federal government to take critical steps to strengthen America’s cybersecurity workforce. This action will bolster the mobility of the U.S.’s frontline cybersecurity practitioners and support the development of their skills to encourage excellence in the field. In addition, it will help ensure the U.S. retains its competitive edge in cybersecurity. It is also worth noting that today, there is a shortage of 300,000 cybersecurity practitioners in the country.

Acting Secretary Kevin K. McAleenan explains his thoughts on this Executive Order: “America’s cybersecurity practitioners – whether working in the private sector or serving in the federal, state, local, tribal, or territorial governments – constitute a core element in our country’s frontline defence and we must urgently bolster them in the face of a myriad of cybersecurity threats. DHS and this Administration are committed to bold action. From enabling movement between the private and public sectors to supporting our workforce’s training, education and development, the President’s action today sets the course to expand and sustain the workforce and ensure America keeps its competitive edge in the critical field of cybersecurity.”8

National Critical Functions

In closing, we find out that in early May this year, the CISA releases the inaugural set of National Critical Functions.9 In summary, these are supported or used by the government and private sector and as such, they are of crucial importance to the U.S, in that their disruption, dysfunction or corruption would have a debilitating impact on security, national public health or safety, national economic security or any combination of these.

Let’s leave the last word to CISA Director Christopher Krebs who comments on cybersecurity risk, which is just one part of the CISA’s excellent work. “Identifying these National Critical Functions has been a collaborative process between public and private sector partners and marks a significant step forward in the way we think about and manage risk. By moving from an individual, sector-specific lens to a more comprehensive, cross-cutting risk management framework, we can identify and manage risk in a more strategic and prioritised manner.”10

 

References

1. https://www.dhs.gov/topic/cybersecurity
2. https://www.dhs.gov/cisa/cybersecurity-division
3. https://www.dhs.gov/cisa/national-cybersecurity-communications-integration-center
4. https://www.dhs.gov/cisa/stakeholder-engagement-and-cyber-infrastructure-resilience
5. https://www.dhs.gov/cisa/federal-network-resilience
6. https://www.dhs.gov/cisa/network-security-deployment
7. https://www.dhs.gov/person/jeanette-manfra
8. https://www.dhs.gov/cisa/news/2019/05/02/white-house-cybersecurity-workforce-executive-order-bolsters-us-frontline
9. https://www.dhs.gov/cisa/national-critical-functions-set
10.  https://www.dhs.gov/cisa/news/2019/04/30/cisa-releases-national-critical-functions-set