DHS Releases New Cybersecurity Policy to Meet Rising Threats

WASHINGTON — The U.S. Department of Homeland Security (DHS) has released a new national strategy to identify and manage national cybersecurity risks, with the goal to better assess them and reduce vulnerabilities.

“The cyber threat landscape is shifting in real-time, and we have reached a historic turning point,” DHS Secretary Kirstjen Nielsen said in a statement. “It is clear that our cyber adversaries can now threaten the very fabric of our republic itself.”

The May 15 announcement comes amid concerns about the security of the 2018 U.S. midterm congressional elections and numerous high-profile hacking of U.S. companies.

“The United States faces threats from a growing set of sophisticated malicious actors who seek to exploit cyberspace. Motivations include espionage, political and ideological interests, and financial gain,” according to the 35-page report. “Nation-states continue to present a considerable cyber threat. But non-state actors are emerging with capabilities that match those of sophisticated nation-states.”

The report goes on to say that criminal actors are increasingly empowered by modern information and communications technologies that enable them to grow in sophistication and transnational reach.

The report continues: “Transnational criminal organizations also increasingly collaborate through cyberspace. Complicating the threat picture, nation-states are increasingly using proxies and other techniques that blur the distinction between state and non-state cyber activities. In a number of cases, malicious actors engaged in significant criminal cyber activity appear to have both criminal and nation-state affiliations.”

The report states that by 2020 more than 20 billion devices are expected to be connected to the internet. “The risks introduced by the growing number and variety of such devices are substantial,” it says.

Nielsen says the government “must think beyond the defense of specific assets — and confront systemic risks that affect everyone from tech giants to homeowners.”

The report also noted the 2015 intrusion into a federal agency resulted in the compromise of personnel records of over 4 million federal employees and in total impacted nearly 22 million people.

The DHS report says the agency “must better align our existing law enforcement efforts and resources to address new and emerging challenges in cyberspace, to include the growing use of end-to-end encryption, anonymous networks, online marketplaces, and cryptocurrencies.”

In March, Nielsen says the department was prioritizing election cyber security above all other critical infrastructure it protects, such as the financial, energy and communications systems.

U.S. intelligence officials have repeatedly warned that Russia will attempt to meddle in the 2018 contests after doing so during the 2016 presidential campaign.

Nielsen says that more than half of U.S. states have signed up for the agency’s cyber scanning services, designed to detect potential weaknesses that could be targeted by hackers.

DHS says in 2016 that 21 states had experienced initial probing of their systems from Russian hackers in 2016 and that a small number of networks were compromised, but that there was no evidence any votes were actually altered.

The DHS has identified five pillars of a department-wide risk management approach, which you can view here.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Related Content

NFID Foundation Aims to Establish Decentralized Identity in Security Industry

Artificial Intelligence Tops List of Policy Priorities at 2024 Security Hill Day

TCG and OST2 Partner to Deliver TPM Usage Training and Develop Cybersecurity Experts

These States Have the Highest and Lowest Average Cybercrime Victim Losses