New DHS National Cybersecurity Framework Sets Goals, Milestones
The U.S. Department of Homeland Security (DHS) on Tuesday teed up a new national cybersecurity framework covering vulnerabilities, resilience, bad actors, incident response and the cyber ecosystem.
Right there on the front cover of the 35-page U.S. Department of Homeland Security Cybersecurity Strategy, the DHS pledged to accomplish the following by 2023:
- Improved national cybersecurity risk management by increasing security and resilience across government networks and critical infrastructure.
- Decreased illicit cyber activity.
- Improved cyber incident response.
- Fostered a more secure and reliable cyber ecosystem through a unified departmental approach, strong leadership, and close partnership with other federal and non-federal entities.
Five Pillars for Cybersecurity
The federal government’s cybersecurity strategy is built on what it calls five “pillars” and their corresponding goals:
Pillar I – Risk identification.
Goal 1: Assess evolving cybersecurity risks by prioritizing risk management activities.
Pillar II – Vulnerability reduction.
Goal 2: Protect federal government information systems with adequate levels of defense.
Goal 3: Protect critical infrastructure through partnerships with key stakeholders.
Pillar III – Threat reduction.
Goal 4: Prevent and disrupt criminal use of cyberspace by countering transnational criminal organizations and sophisticated cyber criminals.
Pillar IV – Consequence mitigation.
Goal 5: Minimize consequences from potentially significant cyber incidents through coordinated community-wide efforts.
Pillar V – Enable cybersecurity outcomes.
Goal 6: Strengthen the security and reliability of the cyber ecosystem.
“The United States faces threats from a growing set of sophisticated malicious actors who seek to exploit cyberspace,” the report said. “Motivations include espionage, political and ideological interests, and financial gain. Nation-states continue to present a considerable cyber threat. But non-state actors are emerging with capabilities that match those of sophisticated nation-states.”
Congress Pushes for Cybersecurity Progress
Congressional legislators have been pressing the Trump administration since the beginning of Trump’s term to craft and enact a national cybersecurity policy. A month ago, Trump sent Congress a classified cybersecurity report detailing U.S. policy for defending the country against foreign nation-state hackers. Earlier this year, he asked Congress for $3.4 billion to fund a DHS division tasked with battling cyber threats to federal networks and critical infrastructure. A defense policy law enacted last year required Trump to craft a national cybersecurity policy.
Meanwhile, the White House confirmed that it has scrapped the position of cybersecurity coordinator, electing not to fill the job left vacant when Rob Joyce ended a 14-month detail to return to the National Security Agency (NSA), where he has worked for 25 years. Joyce announced his plans last month, less than a week after DHS advisor Tom Bossert resigned on April 10. Bossert and Joyce are the most notable of a number of departures since John Bolton’s appointment as national security advisor in April.
Some cybersecurity experts expressed concern about the elimination of the White House cybersecurity coordinator role. Noted SonicWall CEO Bill Conner: “The dissolution of these cyber policy roles is concerning, especially as global tensions rise providing a catalyst for retaliatory nation-state attacks. We’re in a cyber arms race, so it’s imperative that we stay focused on safeguarding our public and private sectors, both large and small. The more expertise at the table on the matter, the better.”
Still, the Trump administration defended the decision to scrap the cybersecurity coordinator position. “Today’s actions continue an effort to empower National Security Council (NSC) senior directors,” a spokesperson said, according to a Reuters report. “Streamlining management will improve efficiency, reduce bureaucracy and increase accountability.” The NSC’s two senior cyber policy directors occupy adjacent workspaces and will be able to coordinate matters in real time, the spokesperson reportedly said.