Homeland Security Secretary Kirstjen M. Nielsen previewed the May unveiling of the department’s new cybersecurity strategy and issued a stern warning to cybercriminals.
To accomplish this new strategy, the Department of Homeland Security’s Science and Technology Directorate (S&T) will work in tandem with DHS operational components by conducting research and development (R&D) in numerous areas that will help strengthen DHS’ ability to detect and defend against cyberattacks.
The DHS Cybersecurity Strategy released May 15.
“I have a news flash for America’s adversaries: Complacency is being replaced by consequences,” Secretary Nielsen said at the RSA Conference in San Francisco last month. “We will not stand on the sidelines while our networks are compromised. We will not abide the theft of our data, our innovation and our resources. And we will not tolerate cyber meddling aimed at the heart of our democracy.”
She said DHS is adopting a more forward-leaning posture that will bolster the nation’s digital defenses by prioritizing enhancements in risk identification, vulnerability reduction, threat reduction and consequence mitigation. The new plan also included a new focal area: Enabling cybersecurity outcomes.
“As the R&D arm of DHS, S&T is working on a wide range of research efforts that will greatly enhance the cybersecurity posture of critical infrastructure systems and the online environment,” said William N. Bryan, senior official performing the duties of the Under Secretary for Science and Technology. “These research efforts will lead to the development and implementation of new solutions that will make it possible for DHS to achieve the new cybersecurity strategy that Secretary Nielsen outlined in the new DHS Cybersecurity Strategy.”
S&T is conducting several R&D projects that support the newly-introduced strategy:
1. Risk Identification
“We must be more aware of vulnerabilities built into the fabric of the internet and other widespread weaknesses …We must also prioritize securing essential functions across sectors, including those executed through multiple assets and systems,” Secretary Nielsen said in her RSA Conference talk.
2. Vulnerability Reduction
“Looking out five years, DHS aims to have far greater awareness of dangerous threats before they hit our networks … to dismantle major illicit cyber networks in minutes, not months … and to be faster, smarter and more effective in responding to incidents,” Secretary Nielsen said.
3. Threat Reduction
This area is focused on reducing cyber-threats by countering transnational criminal organizations and sophisticated cyber-criminals.
4. Consequence Mitigation
In the new plan, this focus is described as minimizing consequences from potentially significant cyber incidents.
5. Enable Cybersecurity Outcomes
This pillar talks about prioritizing DHS cybersecurity R&D and tech transition plus expanding international cooperation to ensure an open, interoperable, secure and reliable internet.