The Department of Homeland Security on Tuesday released its new cybersecurity strategy to counter evolving and growing threats from nation-state hackers and cyber criminals.
The department, which is responsible for securing federal networks and critical infrastructure from cyber sabotage, unveiled the strategy as Homeland Security Secretary Kirstjen Nielsen testified before Congress on the fiscal 2019 budget request.
{mosads}“The strategy is built on the concepts of mitigating systemic risk and strengthening collective defense,” Nielsen said Tuesday. “Both will inform our approach to defending U.S. networks and supporting governments at all levels and the private sector in increasing the security and resilience of critical infrastructure.”
The 35-page strategy unveiled Tuesday hinges on five “pillars” to limit and address threats to digital systems in the United States. These involve gaining a better understanding of threats and vulnerabilities to critical U.S. assets in cyberspace; reducing “systemic vulnerabilities” in U.S. networks; disrupting cyber crime; limiting the impact of potentially massive cyber incidents; and supporting policy to broadly bolster security of digital systems.
It recognizes the evolving and growing threats posed by nation-state hackers and cyber criminals, as well as risks posed by the rapidly expanding ecosystem of internet-connected devices — commonly known as the Internet of Things.
The document specifically acknowledges the breadth of attempted cyberattacks on U.S. government networks, which increased more than ten-fold in the decade between 2006 and 2015, according to the department’s tally.
Homeland Security, a relatively young agency created following the September 2001 terror attacks, is responsible for guarding civilian federal networks and critical infrastructure from cyber threats. Those responsibilities are housed at the department’s National Protection and Programs Directorate (NPPD), a headquarters unit that has seen its portfolio rapidly expand amid mounting digital threats.
“This strategy provides the Department with a framework to execute our cybersecurity responsibilities during the next five years to keep pace with the evolving cyber risk landscape by reducing vulnerabilities and building resilience; countering malicious actors in cyberspace; responding to incidents; and making the cyber ecosystem more secure and resilient,” the strategy states.