- Home
- Agencies
- Department of Agriculture
- Department of Housing and Urban Development
- General Services Administration
- Department of Commerce
- Department of the Interior
- National Aeronautics and Space Administration
- Department of Defense
- Department of Justice
- National Science Foundation
- Department of Education
- Department of Labor
- Office of Personnel Management
- Department of Energy
- Department of State
- Small Business Administration
- Environmental Protection Agency
- Department of Transportation
- Social Security Administration
- Department of Health and Human Services
- Department of the Treasury
- U.S. Agency for International Development
- Department of Homeland Security
- Department of Veterans Affairs
- Goals
- Initiatives
- Programs
Primary tabs
Key to Changes
This text is Revised text
This word has been added to the text
This text is Last Published text
This word has been removed from the text
Modifed styling with no visual changes
Strategic Objective
Goal 4.3: Advance Cyber Law Enforcement, Incident Response, and Reporting Capabilities
Strategic Objective
Overview
Online criminal activity threatens the Internet’s safe and secure use. Law enforcement performs an essential role in achieving our Nation’s cybersecurity objectives by detecting, investigating, and preventing a wide range of cybercrimes, from theft and fraud to child exploitation, and apprehending and prosecuting those responsible. In addition to criminal prosecution, there is a need to rapidly detect and respond to incidents, including through the development of quarantine and mitigation strategies, as well as to quickly share incident information so that others may protect themselves. Safeguarding and securing cyberspace requires close coordination among federal law enforcement entities, network security experts, state, local, tribal, and territorial officials, and private sector stakeholders.
We will pursue the following strategies to advance cyber law enforcement, incident response, and reporting capabilities:
- Respond to and assist in the recovery from cyber incidents by managing incident response activities through the National Cybersecurity and Communications Integration Center and fostering enhanced collaboration between law enforcement and network security officials to pre-plan responses to cyber incidents.
- Deter, disrupt, and investigate cybercrime by 1) increasing the quantity and impact of cybercrime investigations; 2) partnering with other agencies to conduct high-profile criminal investigations, prioritize the recruitment and training of technical experts, and develop standardized methods; and 3) strengthening law enforcement agencies’ ability to detect, investigate, and arrest those that make illicit use of cyberspace.
Progress Update
The Department of Homeland Security (DHS) has determined that performance toward this goal is making satisfactory progress.
Introduction
Online criminal activity threatens the Internet’s safe and secure use. Law enforcement performs an essential role in achieving our Nation’s cybersecurity objectives by detecting, investigating, and preventing a wide range of cybercrimes, from theft and fraud to child exploitation, and apprehending and prosecuting those responsible. In addition to criminal prosecution, there is a need to rapidly detect and respond to incidents, including through the development of quarantine and mitigation strategies, as well as to quickly share incident information so that others may protect themselves. Safeguarding and securing cyberspace requires close coordination among federal law enforcement entities, network security experts, state, local, tribal, and territorial officials, and private sector stakeholders.
Major Achievements
The USSS and the United States Computer Emergency Readiness Team (US-CERT) provided information to UPS Stores Inc. to protect itself and its customers from criminal activity; UPS identified 51 impacted stores in 24 states and stopped this cyber incident before it developed into a major data breach. DHS’s Science and Technology Directorate developed methods and tutorials for acquiring and analyzing information from 13 different disposable phone models, regardless of the presence of Universal Serial Bus or any active device locks. The tutorials are available free of charge to federal, state, local, and select international law enforcement partners.
DHS’s National Cybersecurity and Communications Integration Center (NCCIC) substantially reduced the number of federal Heartbleed vulnerability instances from 265 to 2 over a three week period during April, 2014. This was a 99 percent reduction in Heartbleed exposures across the federal government. During this timeframe the NCCIC conducted over 1,000 network scans and delivered over 100 Heartbleed reports to federal partners.
Major Challenges & Opportunities for Improvement
Using the situational awareness available from the NCCIC and the Federal Network Resilience’s understanding of Federal agency cybersecurity challenges and requirements, DHS will have an opportunity to leverage the authorities provided by the National Cybersecurity Protection Act of 2014 and the Federal Information Security Management Act Modernization Act of 2014. These requirements give the NCCIC the opportunity to become the federal civilian center for sharing cybersecurity risks, incidents, analysis, and warnings for federal and non-federal entities. A challenge associated with this opportunity will be managing the potential increased demand with current staffing levels. In addition, DHS law enforcement entities (USSS and U.S. Immigration and Customs Enforcement) face the challenge of maintaining a highly trained cadre of agents and analysts with computer and network knowledge to lead DHS cyber protection and investigations in the future.