Primary tabs

View
Show Changes(active tab)

Status message

No visible changes

Key to Changes

This text is Revised text

This word has been added to the text

This text is Last Published text

This word has been removed from the text

Modifed styling with no visual changes

Strategic Objective

Goal 4.2: Secure the Federal Civilian Government Information Technology Enterprise

Strategic Objective

Secure the Federal Civilian Government Information Technology Enterprise

Themes:

National Defense

DHS.gov

Facebook Twitter Linkdin Mail RSS

XML

CSV

Overview
Progress Update
Related Goals

Overview

The Federal Government provides essential services and information on which many Americans rely. Not only must the government protect its own networks, it must serve as a role model to others in implementing security services. DHS itself plays a leading role in securing federal civilian networks, allowing the Federal Government to do its business securely. DHS partners with agencies to deploy products such as the EINSTEIN set of capabilities that provide perimeter network-based intrusion detection and prevention.

We will pursue the following strategies to secure the

Progress Update

The Department of Homeland Security (DHS) has determined that performance toward this goal is making satisfactory progress.

Introduction
The Federal Government provides essential services and information on which many Americans rely. Not only must the government protect its own networks, it must serve as a role model to others in implementing security services. DHS itself plays a leading role in securing federal civilian networks, allowing the Federal Government to do its business securely.

Major Achievements
Among our successes, the Continuous Diagnostics & Mitigation (CDM) program significantly improved initial operating capacity, and the Chief Information Officer (CIO) team conducted extensive engagements with stakeholders and partners across the federal civilian government to increase CIO’s knowledge on the cybersecurity services available to them by DHS and to foster collaboration and coordination.

As of December 31, 2014, DHS reached a total of 62 signed Memoranda of Agreement (covering all 23 non-defense Chief Financial Officer Act agencies in addition to 40 small/micro agencies and the U.S. Postal Service) to permit DHS to provide the full suite of EINSTEIN program capabilities for internet security situational awareness. The EINSTEIN Program is an automated process for collecting, correlating, analyzing, and sharing computer security information across the Federal civilian government so that federal agencies will be aware of the threats to their infrastructure in nearly real-time and can act swiftly to take corrective measures. DHS increased EINSTEIN 2 coverage to 79 departments or agencies, including 18 of 18 .gov Trusted Internet Connection Access Providers.

DHS also established intrusion prevention services with two additional internet service providers (ISPs), putting three “Tier 1” critical ISP Intrusion Prevention Security Service contracts in place. DHS deployed Einstein 3 Accelerated capabilities to one ISP, providing the capacity to protect 500,000 federal users from malicious e-mail attacks (such as e-mail-initiated spear phishing campaigns) or malware installed on .gov networks from communicating with external entities attempting to control that malware.

As of December 31, 2014, CIO increased the number of required Personal Identification Verification (PIV) card users to authenticate to a DHS network from 16 percent to 84 percent. DHS CIO also designed and hosted the first Small and Micro Agency Cybersecurity Support Workshop, providing information to small agency Chief Information Security Officers (CISOs) and CIOs on the cybersecurity services available to them through DHS.

Through outreach activities, DHS was able to receive all Secured Content Automation Protocol (SCAP) feeds from the departments/agencies for the first time. This effort also included a Performance Analysis Console which was implemented within CyberScope that includes vulnerability risk scoring charts on Agencies’ Federal Information Security Management Act (FISMA) and SCAP submissions over periods of time, furthering our understanding of risk through data.

Major Challenges & Opportunities for Improvement
Executive Order13691, Promoting Private Sector Cybersecurity Information Sharing, granted DHS authorities in developing a unique standards organization for information sharing. DHS has an opportunity to collaborate with both public and private sector partners to increase the exchange of threat information beyond the current capabilities by creating a common set of standards to govern the creation and function of Information Sharing Analysis Organizations. Deploying our technical tools can present a challenge as CDM will not operate at full capacity until the sensors are fully installed at participating agencies and the Federal dashboard is operational. In addition, the interpretation of the implementation of HSPD-12 Mandatory PIV varies from agency-to-agency across government, creating a disparity when results are rolled up.

Expand All

Strategic Goals

Strategic Goal:

Mission 4: Safeguard and Secure Cyberspace

Statement:

Safeguard and Secure Cyberspace.

Strategic Objectives

Goal 4.1: Strengthen the Security and Resilience of Critical Infrastructure Against Cyber Attacks and Other Hazards

Statement:

Strengthen the Security and Resilience of Critical Infrastructure Against Cyber Attacks and Other Hazards

Description:

The concept of critical infrastructure as discrete, physical assets has become outdated as everything becomes linked to cyberspace. This "cyber-physical convergence" has changed the risks to critical infrastructure in sectors ranging from energy and transportation to agriculture and healthcare. DHS coordinates with its private sector partners as well as with state, local, tribal, and territorial governments to share information and intelligence regarding cyber threats and vulnerabilities, foster development of trustworthy products and services, and encourage the adoption of best-in-class cybersecurity practices.

We will pursue the following strategies to strengthen the security and resilience of critical infrastructure against cyber attacks and other hazards:

Enhance the exchange of information and intelligence on risks to critical infrastructure and develop real-time situational awareness capabilities that ensure machine and human interpretation and visualization by increasing the volume, timeliness and quality of cyber threat reporting shared with the private sector and state, local, tribal, and territorial partners, and enabling the National Cybersecurity and Communications Integration Center (to receive information at "machine speed" by enabling networks to be more self-healing, using mathematics and analytics to mimic restorative processes that occur biologically.
Partner with critical infrastructure owners and operators to ensure the delivery of essential services and functions by building effective partnerships to set a national focus and determine collective actions, providing assistance to local and regional partners, and leveraging incentives to advance security and resilience, as described in the National Infrastructure Protection Plan: Partnering for Security and Resilience.
Identify and understand interdependencies and cascading impacts among critical systems by leveraging regional risk assessment programs, organization-specific assessment, asset and network-specific assessment, and cross-sector risk assessments.
Collaborate with agencies and the private sector to identify and develop effective cybersecurity policies and best practices through voluntary collaboration with private sector own-ers and operators (including their partner associations, vendors, and others) and govern-ment entity counterparts.
Reduce vulnerabilities and promote resilient critical infrastructure design by identifying and promoting opportunities that build security and resilience into critical infrastructure as it is being developed and updated, rather than focusing solely on mitigating vulnerabilities present within existing critical infrastructure.

Learn More

Goal 4.2: Secure the Federal Civilian Government Information Technology Enterprise

Statement:

Secure the Federal Civilian Government Information Technology Enterprise

Description:

We will pursue the following strategies to secure the federal civilian government information technology enterprise:

Coordinate government purchasing of cyber technology to enhance cost-effectiveness by using strategically sourced tools and services such as the Continuous Diagnostics and Mitigation program.
Equip civilian government networks with innovative cybersecurity tools, information, and protections by supporting research and development and making the innovations from research and development available not only to the Federal Government but widely available across the public and private spheres.
Ensure government-wide policy and standards are consistently and effectively implemented and measured by promoting the adoption of enterprise-wide policy and best practices and working with interagency partners to develop government-wide requirements that can bring the full strength of the market to bear on existing and emergent vulnerabilities.

Learn More

FY 16-17 Priority Goal: Improve Federal Network Security

Statement:

Improve federal network security by providing federal civilian executive branch agencies with the tools and information needed to diagnose, mitigate, and respond to cybersecurity threats and vulnerabilities. By September 30, 2017 DHS will deliver two phases of continuous diagnostics and mitigation tools to 100% of the participating federal civilian executive branch agencies so that they can monitor their networks.

Description:

The 2014 Quadrennial Homeland Security Review and the FY14-18 DHS Strategic Plan recognizes the continuing need to secure the federal civilian executive branch agencies’ information technology (IT) networks and systems. By law, each head of a federal department or agency is primarily responsible for their agency’s own cybersecurity. The Department of Homeland Security has overall responsibility for protecting federal civilian executive branch systems from cyber threats, helping agencies better defend themselves, and providing response teams to assist agencies during significant incidents. There is no one “silver bullet” for cybersecurity. The key is to install multiple layers of protection to best secure federal networks.
DHS’s National Cybersecurity and Communications Integration Center (NCCIC) is the U.S. government’s 24/7 hub for cybersecurity information sharing, incident response and coordination. The NCCIC shares information on cyber threats and incidents, and provides on-site assistance to victims of cyberattacks. The NCCIC is also where DHS manages the EINSTEIN system, the first basic layer of protection DHS provides at the network perimeter of each federal civilian executive branch agency. While there are three parts to the EINSTEIN set of capabilities, the focus is currently on the deployment of the third phase, known as EINSTEIN 3 Accelerated (E3A), which has the capacity to identify and block known malicious traffic.
DHS also helps federal agencies identify and fix problems inside their networks in near real-time using the Continuous Diagnostics and Mitigation program (CDM). Once fully deployed, CDM will constantly scan agency networks for vulnerabilities that bad actors could exploit if they did breach an agency’s perimeter. The CDM Program consists of three phases that are currently in various stages of availability to federal civilian executive branch agencies. The first phase of CDM focuses on “What is on the Network,” specifically asset management. This includes hardware and software assets, managing configuration settings, and vulnerabilities, all of which are foundational capabilities to protect systems and data. Phase 2 (“Who is on the Network”) covers user account and network privilege management; and Phase 3 (“What is Happening on the Network”) covers boundary protection, event management and security lifecycle management.

As of October 1, 2015, DHS has delivered the first phase of CDM to the 23 civilian Chief Financial Officer (CFO) Act agencies, covering 97 percent of the federal civilian Executive Branch government. These agencies are expected to deploy these CDM tools on their networks within the fiscal year.
Information sharing is also fundamental to achieving cybersecurity. The NCCIC shares information on cyber threats, vulnerabilities and incidents. In order to sufficiently address the rapidly evolving threats to our cyber systems, DHS and its partners must move beyond information sharing methods that are overly reliant on manual processes to be able to share cyber information in as close to real-time as possible. DHS is pursuing an aggressive schedule to deploy one of its next-generation information sharing techniques. The Department has an automated system in place to share cyber threat indicators, and DHS will extend this capability across the federal government and to the private sector, so that the larger community can send and receive threat indicators in near real-time.
This goal aligns with Administration cybersecurity priorities. The goal was established in coordination with OMB policies and guidance, to include the Cybersecurity Strategy and Implementation Plan (CSIP), the Fiscal Year 2015-2016 Guidance on Federal Information Security and Privacy Management Requirements, and the Cybersecurity CAP goal.

Learn More

Goal 4.3: Advance Cyber Law Enforcement, Incident Response, and Reporting Capabilities

Statement:

Advance Cyber Law Enforcement, Incident Response, and Reporting Capabilities

Description:

Online criminal activity threatens the Internet’s safe and secure use. Law enforcement performs an essential role in achieving our Nation’s cybersecurity objectives by detecting, investigating, and preventing a wide range of cybercrimes, from theft and fraud to child exploitation, and apprehending and prosecuting those responsible. In addition to criminal prosecution, there is a need to rapidly detect and respond to incidents, including through the development of quarantine and mitigation strategies, as well as to quickly share incident information so that others may protect themselves. Safeguarding and securing cyberspace requires close coordination among federal law enforcement entities, network security experts, state, local, tribal, and territorial officials, and private sector stakeholders.

We will pursue the following strategies to advance cyber law enforcement, incident response, and reporting capabilities:

Respond to and assist in the recovery from cyber incidents by managing incident response activities through the National Cybersecurity and Communications Integration Center and fostering enhanced collaboration between law enforcement and network security officials to pre-plan responses to cyber incidents.
Deter, disrupt, and investigate cybercrime by 1) increasing the quantity and impact of cybercrime investigations; 2) partnering with other agencies to conduct high-profile criminal investigations, prioritize the recruitment and training of technical experts, and develop standardized methods; and 3) strengthening law enforcement agencies’ ability to detect, investigate, and arrest those that make illicit use of cyberspace.

Learn More

Goal 4.4: Strengthen the Cyber Ecosystem

Statement:

Strengthen the Cyber Ecosystem

Description:

Our entire society, from government and law enforcement to the private sector and members of the public, must work collaboratively to improve our network defense. Ensuring a healthy cyber ecosystem will require collaborative communities, innovative and agile security solutions, standardized and consistent processes to share information and best practices, sound policies and plans, meaningful protection of privacy, civil rights, and civil liberties, and development of a skilled workforce to ensure those policies and plans are implemented as intended.

We will pursue the following strategies to strengthen the cyber ecosystem:

Drive innovative and cost effective security products, services, and solutions throughout the cyber ecosystem by working with domestic and international partners across the public and private spheres, and across the science and policy communities to identify promising technology, policy and standards that enable robust, trust-based, automated sharing of cybersecurity information and collective action to limit the spread of incidents and minimize consequences.
Conduct and transition research and development, enabling trustworthy cyber infrastructure by supporting initiatives to develop promising new security technologies and techniques including: 1) security automation techniques to facilitate real-time incident response; 2) interoperability to support security cooperation across sectors; and 3) privacy enhancing authentication to enable better system protection.
Develop skilled cybersecurity professionals by promoting cybersecurity knowledge and innovation, developing Department-wide human capital strategies, policies, and programs intended to enhance the DHS cyber workforce, and working with public and private sector partners to increase the pipeline of highly qualified homeland security professionals through academic and federal training programs.
Enhance public awareness and promote cybersecurity best practices by promoting National Cybersecurity Awareness Month and the Stop. Think. Connect.™ Campaign, which raise awareness through collaborative outreach efforts and distributing materials, resources, and tips to promote cybersecurity.
Advance international engagement to promote capacity building, international standards, and cooperation by working to establish and deepen relationships with foreign computer incident response teams both bilaterally and through participation in operationally-focused multilateral fora, such as the Forum for Incident Response and Security Teams.

Learn More

Agency Priority Goals

FY 16-17 Agency Priority Goal:

Improve Federal Network Security

Statement:

Description:

Learn More

Download
Featured Report

Agency Plans and Reports

Agency Strategic Plan