The United States Department of Homeland Security (DHS) recently released a 35-page report setting forth a new strategic plan designed to ensure the department and the nation keep pace with the evolving cyber risk landscape.
In its report, DHS reveals that the number of reported cyber incidents on federal systems increased more than ten-fold in the decade between 2006 and 2015. With an estimated 20 billion devices connected to the Internet by 2020, DHS Secretary Kirstjen Nielsen said in a statement announcing the new plan that it is critical that DHS “confront system risks that affect everyone from tech giants to homeowners.”
DHS’s strategy identifies five “pillars” of the department’s risk management approach: (1) identify risks, (2) reduce vulnerabilities, (3) reduce threats, (4) mitigate consequences and (5) enable cybersecurity outcomes. Within these pillars, the department has identified seven goals: (1) assess evolving cybersecurity risk, (2) protect federal government information systems, (3) protect critical infrastructure, (4) prevent and disrupt criminal use of cyberspace, (5) respond effectively to cyber incidents, (6) strengthen the security and reliability of the cyber ecosystem and (7) improve management of DHS cybersecurity activities.
In line with its goal of reducing federal vulnerabilities, DHS says that “[c]ertain elements of the federal enterprise must be further centralized to appropriately and consistently address key cybersecurity risks and provide improved enterprise-wide security.” Additionally, DHS says it will work with other federal agencies, nonfederal cybersecurity firms and other federal and nonfederal entities “to gain an adequate understanding of the national cybersecurity risk posture, analyze evolving interdependencies and systemic risk and assess changing techniques of malicious actors.” In line with this effort, DHS will prioritize its offerings to focus on systemic risks or to address risk at individual entities that have the greatest potential impact on national security, public health and safety and economic security.
Although the strategy document sets forth broad objectives and overarching goals, it is relatively vague on the details and specific actions the department will take to implement those strategies. Those details, the department says, will be released shortly in a corresponding “implementation plan” that will outline individual roles, responsibilities, programs and timelines for accomplishing the department’s goals by 2023.