BY Richard Summerfield
This week the US Department of Homeland Security unveiled a new national strategy for addressing the growing threat of cyber security risks.
According to the report, by 2020 more than 20 billion devices are expected to be connected to the internet, and a result of this growth and the increasing variety of these devices, a new approach to cyber security is required. The new strategy was released in compliance with the fiscal 2017 National Defence Authorisation Act, the DHS noted, and has been designed to prioritise and harmonise the department’s programming, planning, operational and budgeting efforts.
The DHS, which is responsible for securing federal networks and critical infrastructure from cyber sabotage, has identified five key areas of risk, or ‘pillars’, that it hopes to manage though the strategy, including risk identification, vulnerability reduction, consequence mitigation, enablement of cyber outcomes and threat reduction. These risk areas are particularly noteworthy given the evolution of cyber criminality in recent years. In particular, the strategy refers to the breadth of attempted cyber attacks on US government networks, which increased more than tenfold between 2006 and 2015.
Homeland Security secretary Kirstjen Nielsen said: “The cyber threat landscape is shifting in real-time, and we have reached a historic turning point. Digital security is now converging with personal and physical security, and it is clear that our cyber adversaries can now threaten the very fabric of our republic itself. That is why DHS is rethinking its approach by adopting a more comprehensive cybersecurity strategy. In an age of brand-name breaches, we must think beyond the defence of specific assets — and confront systemic risks that affect everyone from tech giants to homeowners. Our strategy outlines how DHS will leverage its unique capabilities on the digital battlefield to defend American networks and get ahead of emerging cyber threats.”
The announcement of the new strategy came on the same day that the White House removed the cybersecurity coordinator position from the National Security Council (NSC), as it felt that the role was no longer necessary.
NSC spokesman Robert Palladino said: “The National Security Council’s cyber office already has two very capable Senior Directors. Moving forward, these Senior Directors will coordinate cyber matters and policy. As they sit six feet apart from one another, they will be able to coordinate in real time. Today’s actions continue an effort to empower National Security Council Senior Directors. Streamlining management will improve efficiency, reduce bureaucracy and increase accountability.”