This is historical material “frozen in time.” The website is no longer updated and links to external websites and some internal pages may not work.

Home
Agencies
Goals
Initiatives
Programs

API
About
FAQ

You are hereHome

Primary tabs

View(active tab)
Show Changes

Strategic Objective

Goal 4.3: Advance Cyber Law Enforcement, Incident Response, and Reporting Capabilities

Strategic Objective

Advance Cyber Law Enforcement, Incident Response, and Reporting Capabilities

Themes:

National Defense

DHS.gov

Facebook Twitter Linkdin Mail RSS

XML

CSV

Overview
Progress Update

Overview

Online criminal activity threatens the Internet’s safe and secure use. Law enforcement performs an essential role in achieving our Nation’s cybersecurity objectives by detecting, investigating, and preventing a wide range of cybercrimes, from theft and fraud to child exploitation, and apprehending and prosecuting those responsible. In addition to criminal prosecution, there is a need to rapidly detect and respond to incidents, including through the development of quarantine and mitigation strategies, as well as to quickly share incident information so that others may

Progress Update

The Department of Homeland Security (DHS) has determined that performance toward this goal is making satisfactory progress.

Introduction
Online criminal activity threatens the Internet’s safe and secure use. Law enforcement performs an essential role in achieving our Nation’s cybersecurity objectives by detecting, investigating, and preventing a wide range of cybercrimes, from theft and fraud to child exploitation, and apprehending and prosecuting those responsible. In addition to criminal prosecution, there is a need to rapidly detect and respond to incidents, including through the development of quarantine and mitigation strategies, as well as to quickly share incident information so that others may protect themselves. Safeguarding and securing cyberspace requires close coordination among federal law enforcement entities, network security experts, state, local, tribal, and territorial officials, and private sector stakeholders.

Major Achievements
The USSS and the United States Computer Emergency Readiness Team (US-CERT) provided information to UPS Stores Inc. to protect itself and its customers from criminal activity; UPS identified 51 impacted stores in 24 states and stopped this cyber incident before it developed into a major data breach. DHS’s Science and Technology Directorate developed methods and tutorials for acquiring and analyzing information from 13 different disposable phone models, regardless of the presence of Universal Serial Bus or any active device locks. The tutorials are available free of charge to federal, state, local, and select international law enforcement partners.

DHS’s National Cybersecurity and Communications Integration Center (NCCIC) substantially reduced the number of federal Heartbleed vulnerability instances from 265 to 2 over a three week period during April, 2014. This was a 99 percent reduction in Heartbleed exposures across the federal government. During this timeframe the NCCIC conducted over 1,000 network scans and delivered over 100 Heartbleed reports to federal partners.

Major Challenges & Opportunities for Improvement
Using the situational awareness available from the NCCIC and the Federal Network Resilience’s understanding of Federal agency cybersecurity challenges and requirements, DHS will have an opportunity to leverage the authorities provided by the National Cybersecurity Protection Act of 2014 and the Federal Information Security Management Act Modernization Act of 2014. These requirements give the NCCIC the opportunity to become the federal civilian center for sharing cybersecurity risks, incidents, analysis, and warnings for federal and non-federal entities. A challenge associated with this opportunity will be managing the potential increased demand with current staffing levels. In addition, DHS law enforcement entities (USSS and U.S. Immigration and Customs Enforcement) face the challenge of maintaining a highly trained cadre of agents and analysts with computer and network knowledge to lead DHS cyber protection and investigations in the future.

Expand All

Strategic Goals

Strategic Goal:

Mission 4: Safeguard and Secure Cyberspace

Statement:

Safeguard and Secure Cyberspace.

Strategic Objectives

Goal 4.1: Strengthen the Security and Resilience of Critical Infrastructure Against Cyber Attacks and Other Hazards

Statement:

Strengthen the Security and Resilience of Critical Infrastructure Against Cyber Attacks and Other Hazards

Description:

The concept of critical infrastructure as discrete, physical assets has become outdated as everything becomes linked to cyberspace. This "cyber-physical convergence" has changed the risks to critical infrastructure in sectors ranging from energy and transportation to agriculture and healthcare. DHS coordinates with its private sector partners as well as with state, local, tribal, and territorial governments to share information and intelligence regarding cyber threats and vulnerabilities, foster development of trustworthy products and services, and encourage the adoption of best-in-class cybersecurity practices.

We will pursue the following strategies to strengthen the security and resilience of critical infrastructure against cyber attacks and other hazards:

Enhance the exchange of information and intelligence on risks to critical infrastructure and develop real-time situational awareness capabilities that ensure machine and human interpretation and visualization by increasing the volume, timeliness and quality of cyber threat reporting shared with the private sector and state, local, tribal, and territorial partners, and enabling the National Cybersecurity and Communications Integration Center (to receive information at "machine speed" by enabling networks to be more self-healing, using mathematics and analytics to mimic restorative processes that occur biologically.
Partner with critical infrastructure owners and operators to ensure the delivery of essential services and functions by building effective partnerships to set a national focus and determine collective actions, providing assistance to local and regional partners, and leveraging incentives to advance security and resilience, as described in the National Infrastructure Protection Plan: Partnering for Security and Resilience.
Identify and understand interdependencies and cascading impacts among critical systems by leveraging regional risk assessment programs, organization-specific assessment, asset and network-specific assessment, and cross-sector risk assessments.
Collaborate with agencies and the private sector to identify and develop effective cybersecurity policies and best practices through voluntary collaboration with private sector own-ers and operators (including their partner associations, vendors, and others) and govern-ment entity counterparts.
Reduce vulnerabilities and promote resilient critical infrastructure design by identifying and promoting opportunities that build security and resilience into critical infrastructure as it is being developed and updated, rather than focusing solely on mitigating vulnerabilities present within existing critical infrastructure.

Learn More

Goal 4.2: Secure the Federal Civilian Government Information Technology Enterprise

Statement:

Secure the Federal Civilian Government Information Technology Enterprise

Description:

The Federal Government provides essential services and information on which many Americans rely. Not only must the government protect its own networks, it must serve as a role model to others in implementing security services. DHS itself plays a leading role in securing federal civilian networks, allowing the Federal Government to do its business securely. DHS partners with agencies to deploy products such as the EINSTEIN set of capabilities that provide perimeter network-based intrusion detection and prevention.

We will pursue the following strategies to secure the federal civilian government information technology enterprise:

Coordinate government purchasing of cyber technology to enhance cost-effectiveness by using strategically sourced tools and services such as the Continuous Diagnostics and Mitigation program.
Equip civilian government networks with innovative cybersecurity tools, information, and protections by supporting research and development and making the innovations from research and development available not only to the Federal Government but widely available across the public and private spheres.
Ensure government-wide policy and standards are consistently and effectively implemented and measured by promoting the adoption of enterprise-wide policy and best practices and working with interagency partners to develop government-wide requirements that can bring the full strength of the market to bear on existing and emergent vulnerabilities.

Learn More

FY 16-17 Priority Goal: Improve Federal Network Security

Statement:

Improve federal network security by providing federal civilian executive branch agencies with the tools and information needed to diagnose, mitigate, and respond to cybersecurity threats and vulnerabilities. By September 30, 2017 DHS will deliver two phases of continuous diagnostics and mitigation tools to 100% of the participating federal civilian executive branch agencies so that they can monitor their networks.

Description:

The 2014 Quadrennial Homeland Security Review and the FY14-18 DHS Strategic Plan recognizes the continuing need to secure the federal civilian executive branch agencies’ information technology (IT) networks and systems. By law, each head of a federal department or agency is primarily responsible for their agency’s own cybersecurity. The Department of Homeland Security has overall responsibility for protecting federal civilian executive branch systems from cyber threats, helping agencies better defend themselves, and providing response teams to assist agencies during significant incidents. There is no one “silver bullet” for cybersecurity. The key is to install multiple layers of protection to best secure federal networks.
DHS’s National Cybersecurity and Communications Integration Center (NCCIC) is the U.S. government’s 24/7 hub for cybersecurity information sharing, incident response and coordination. The NCCIC shares information on cyber threats and incidents, and provides on-site assistance to victims of cyberattacks. The NCCIC is also where DHS manages the EINSTEIN system, the first basic layer of protection DHS provides at the network perimeter of each federal civilian executive branch agency. While there are three parts to the EINSTEIN set of capabilities, the focus is currently on the deployment of the third phase, known as EINSTEIN 3 Accelerated (E3A), which has the capacity to identify and block known malicious traffic.
DHS also helps federal agencies identify and fix problems inside their networks in near real-time using the Continuous Diagnostics and Mitigation program (CDM). Once fully deployed, CDM will constantly scan agency networks for vulnerabilities that bad actors could exploit if they did breach an agency’s perimeter. The CDM Program consists of three phases that are currently in various stages of availability to federal civilian executive branch agencies. The first phase of CDM focuses on “What is on the Network,” specifically asset management. This includes hardware and software assets, managing configuration settings, and vulnerabilities, all of which are foundational capabilities to protect systems and data. Phase 2 (“Who is on the Network”) covers user account and network privilege management; and Phase 3 (“What is Happening on the Network”) covers boundary protection, event management and security lifecycle management.

As of October 1, 2015, DHS has delivered the first phase of CDM to the 23 civilian Chief Financial Officer (CFO) Act agencies, covering 97 percent of the federal civilian Executive Branch government. These agencies are expected to deploy these CDM tools on their networks within the fiscal year.
Information sharing is also fundamental to achieving cybersecurity. The NCCIC shares information on cyber threats, vulnerabilities and incidents. In order to sufficiently address the rapidly evolving threats to our cyber systems, DHS and its partners must move beyond information sharing methods that are overly reliant on manual processes to be able to share cyber information in as close to real-time as possible. DHS is pursuing an aggressive schedule to deploy one of its next-generation information sharing techniques. The Department has an automated system in place to share cyber threat indicators, and DHS will extend this capability across the federal government and to the private sector, so that the larger community can send and receive threat indicators in near real-time.
This goal aligns with Administration cybersecurity priorities. The goal was established in coordination with OMB policies and guidance, to include the Cybersecurity Strategy and Implementation Plan (CSIP), the Fiscal Year 2015-2016 Guidance on Federal Information Security and Privacy Management Requirements, and the Cybersecurity CAP goal.

Learn More

Goal 4.3: Advance Cyber Law Enforcement, Incident Response, and Reporting Capabilities

Statement:

Advance Cyber Law Enforcement, Incident Response, and Reporting Capabilities

Description:

We will pursue the following strategies to advance cyber law enforcement, incident response, and reporting capabilities:

Respond to and assist in the recovery from cyber incidents by managing incident response activities through the National Cybersecurity and Communications Integration Center and fostering enhanced collaboration between law enforcement and network security officials to pre-plan responses to cyber incidents.
Deter, disrupt, and investigate cybercrime by 1) increasing the quantity and impact of cybercrime investigations; 2) partnering with other agencies to conduct high-profile criminal investigations, prioritize the recruitment and training of technical experts, and develop standardized methods; and 3) strengthening law enforcement agencies’ ability to detect, investigate, and arrest those that make illicit use of cyberspace.

Learn More

Goal 4.4: Strengthen the Cyber Ecosystem

Statement:

Strengthen the Cyber Ecosystem

Description:

Our entire society, from government and law enforcement to the private sector and members of the public, must work collaboratively to improve our network defense. Ensuring a healthy cyber ecosystem will require collaborative communities, innovative and agile security solutions, standardized and consistent processes to share information and best practices, sound policies and plans, meaningful protection of privacy, civil rights, and civil liberties, and development of a skilled workforce to ensure those policies and plans are implemented as intended.

We will pursue the following strategies to strengthen the cyber ecosystem:

Drive innovative and cost effective security products, services, and solutions throughout the cyber ecosystem by working with domestic and international partners across the public and private spheres, and across the science and policy communities to identify promising technology, policy and standards that enable robust, trust-based, automated sharing of cybersecurity information and collective action to limit the spread of incidents and minimize consequences.
Conduct and transition research and development, enabling trustworthy cyber infrastructure by supporting initiatives to develop promising new security technologies and techniques including: 1) security automation techniques to facilitate real-time incident response; 2) interoperability to support security cooperation across sectors; and 3) privacy enhancing authentication to enable better system protection.
Develop skilled cybersecurity professionals by promoting cybersecurity knowledge and innovation, developing Department-wide human capital strategies, policies, and programs intended to enhance the DHS cyber workforce, and working with public and private sector partners to increase the pipeline of highly qualified homeland security professionals through academic and federal training programs.
Enhance public awareness and promote cybersecurity best practices by promoting National Cybersecurity Awareness Month and the Stop. Think. Connect.™ Campaign, which raise awareness through collaborative outreach efforts and distributing materials, resources, and tips to promote cybersecurity.
Advance international engagement to promote capacity building, international standards, and cooperation by working to establish and deepen relationships with foreign computer incident response teams both bilaterally and through participation in operationally-focused multilateral fora, such as the Forum for Incident Response and Security Teams.

Learn More

Download
Featured Report

Agency Plans and Reports

Agency Strategic Plan

Accessibility
Privacy Policy