The Department of Homeland Security (DHS) unveiled on Tuesday, 14 May, a new national strategy to be implemented to address evolving cybersecurity risks. The DHS strategy outlines strategic and operational goals and priorities to successfully execute the full range of the DHS secretary’s cybersecurity responsibilities.
“The strategy is built on the concepts of mitigating systemic risk and strengthening collective defense,” Homeland Security Secretary Kirstjen Nielsen said Tuesday as reported by The Hill. “Both will inform our approach to defending U.S. networks and supporting governments at all levels and the private sector in increasing the security and resilience of critical infrastructure.”
DHS aims to have improved national cybersecurity risk management and increased security and resilience across government networks and critical infrastructure by 2023.
The strategy is thorough in addressing cyber-threats. Recognizing that the proliferation of connected devices increases risk, DHS details its plans to manage threats from malicious actors with a wide range of motivations. Through a five-pillar strategy that includes risk identification, vulnerability reduction, threat reduction, consequence mitigation and cybersecurity outcome enablement, DHS will first look to gain a better understanding of our national risk posture.
“Understanding these risks at the strategic level will enable us to effectively allocate resources and prioritize efforts to address vulnerabilities, threats, and consequences across all of our cybersecurity activities,” the strategy states.
Driven by the guiding principles of cost-effective risk prioritization that takes a collaborative and global approach toward innovation and agility while balancing equities and honoring national values, DHS plans to mitigate cybersecurity threats at national and systemic levels.
The strategy also states that in order to protect critical infrastructure, DHS will partner with key stakeholders, “including sector specific agencies and the private sector, to drive better cybersecurity by promoting the development and adoption of best practices and international standards, by providing services like risk assessments and other technical offerings, and by improving engagement efforts to advance cybersecurity risk management efforts.”
While many applaud the release of the long-awaited national cybersecurity strategy to address the growing risks from nation-state attacks, some are concerned about the mixed messages coming out of the White House with the announcement that the cybersecurity coordinator position on the National Security Council has been eliminated.
“Eliminating the White House’s top cybersecurity job is vexing for a number of reasons. It comes at a time when our greatest cyber-adversaries, namely Russia, Iran and North Korea, are more relevant than ever on the global stage, and the country already lacks central cybersecurity leadership,” said Netskope's CEO, Sanjay Beri.
"The US needs cybersecurity leadership today more than ever, but the current structure of our top officials needs to be overhauled if we hope to correct course," Beri continued. "Forming a cohesive cyber-defense strategy has become nearly impossible as hundreds of departments report into a siloed set of decision makers. Instead of eliminating jobs we need to be creating them, and the first step in the right direction would be the appointment of a federal CISO to oversee all of our nation’s cybersecurity initiatives and promote interagency collaboration.”