Strategic Objective
Goal 4.1: Strengthen the Security and Resilience of Critical Infrastructure Against Cyber Attacks and Other Hazards
Overview
The concept of critical infrastructure as discrete, physical assets has become outdated as everything becomes linked to cyberspace. This "cyber-physical convergence" has changed the risks to critical infrastructure in sectors ranging from energy and transportation to agriculture and healthcare. DHS coordinates with its private sector partners as well as with state, local, tribal, and territorial governments to share information and intelligence regarding cyber threats and vulnerabilities, foster development of trustworthy products and services, and encourage the adoption of best-in-class cybersecurity practices.
We will pursue the following strategies to strengthen the security and resilience of critical infrastructure against cyber attacks and other hazards:
- Enhance the exchange of information and intelligence on risks to critical infrastructure and develop real-time situational awareness capabilities that ensure machine and human interpretation and visualization by increasing the volume, timeliness, and quality of cyber threat reporting shared with the private sector and state, local, tribal, and territorial partners, and enabling the National Cybersecurity and Communications Integration Center to receive information at "machine speed" by enabling networks to be more self-healing, using mathematics and analytics to mimic restorative processes that occur biologically.
- Partner with critical infrastructure owners and operators to ensure the delivery of essential services and functions by building effective partnerships to set a national focus and determine collective actions, providing assistance to local and regional partners, and leveraging incentives to advance security and resilience, as described in the National Infrastructure Protection Plan: Partnering for Security and Resilience.
- Identify and understand interdependencies and cascading impacts among critical systems by leveraging regional risk assessment programs, organization-specific assessment, asset and network-specific assessment, and cross-sector risk assessments.
- Collaborate with agencies and the private sector to identify and develop effective cybersecurity policies and best practices through voluntary collaboration with private sector owners and operators (including their partner associations, vendors, and others) and government entity counterparts.
- Reduce vulnerabilities and promote resilient critical infrastructure design by identifying and promoting opportunities that build security and resilience into critical infrastructure as it is being developed and updated, rather than focusing solely on mitigating vulnerabilities present within existing critical infrastructure.
Progress Update
The Department of Homeland Security (DHS) has determined that performance toward this goal is making satisfactory progress.
Introduction
Our critical infrastructure is increasingly connected and interdependent. Securing and enhancing its resilience is an economic and national security imperative. As most of the nation’s infrastructure is owned and operated by the private sector, DHS partners with industry stakeholders and federal, state, local, territorial, and tribal governments to manage risks that may have national-level impacts. During FY 2014, these endeavors produced satisfactory results in strengthening the security and resilience of critical infrastructure against cyberattacks and other hazards.
Major Achievements
In FY 2014, DHS continued to implement mandates from the 2013 National Infrastructure Protection Plan (NIPP), Presidential Policy Directive 21: Critical Infrastructure Security and Resilience, and Executive Order 13636: Improving Critical Infrastructure Cybersecurity by facilitating the sharing of timely and actionable risk products. DHS provides a wide range of risk assessment tools and support to stakeholders that promote risk-based decisions on physical and cyber security measures. DHS initiated the implementation of NIPP 2013 through the release of the Secretary’s Joint National Priorities for critical infrastructure, updates of Sector Specific Plans, and the stand-up of a working group to measure progress and coordinate efforts to meet the NIPP Call to Action to leverage partnerships, innovate for risk, and focus on outcomes. Notably, DHS launched the Critical Infrastructure Cyber Community Voluntary Program as the coordination point within the Federal Government for critical infrastructure stakeholders, both public and private, to improve their cyber risk management processes.
Major Challenges & Opportunities for Improvement
DHS lacks a holistic and coordinated risk management approach that includes both physical and cyber security. Employing an all-hazards approach, DHS continues to work with stakeholders to coordinate policies, tools, capabilities, and human capital that address both physical and cyber security. DHS also lacks robust performance measures that demonstrate the impacts of efforts undertaken by DHS and its stakeholders. DHS continues to work with its partners to develop security and resilience measures that will aid in understanding Critical Infrastructure Security and Resilience program effectiveness. Lastly, with the persistent and evolving threats posed by cyber incidents, DHS continues to work with its industry partners to define public and private sector roles and responsibilities for responding to significant cyber incidents. Ensuring a timely and coordinated response is key to mitigating impacts in order to better protect both organizations and the American public.