Advanced search    Help

Clear all search criteria

Only 2/3! You are seeing results from the Public Collection, not the complete Full Collection. Sign in to search everything (see eligibility).

• Serial No. 114-71: Enhancing Preparedness and Response Capabilities to Address Cyber Threats, Joint Hearing Before the Subcommittee on Emergency Preparedness, Response, and Communication and the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies of the Committee on Homeland Security, House of Representatives, One Hundred Fourteenth Congress, Second Session, May 24, 2016

  Show summary     Open resource [pdf]     (open full abstract)

  This testimony is from the May 24, 2016 hearing on "Enhancing Preparedness and Response Capabilities to Address Cyber Threats" held before subcommittees of the House Committee on Homeland Security. From the opening statement of Dan Donovan: "As we are all aware, the cyber threat is real from both state and non-state actors. The countless cyberattacks against the United States and its citizens, including major attacks against Target, Home Depot, OPM [Office of Personnel Management], and Anthem, are just the tip of the iceberg. I believe that the number and magnitude of attacks will only increase, especially as more and more of our lives become connected to the Internet. It is imperative that we ensure that our State and local officials as well as our first responders are prepared to protect against and respond to a cyber attack." Statements, letters, and materials submitted for the record include those of the following: Mark Ghilarducci, Daniel J. Cooney, Steven Spano, Mark Raymond, and Robert Galvin.

  United States. Government Publishing Office

  2017
• Opioid Crisis, Field Hearing Before the Committee on Homeland Security and Governmental Affairs, United States Senate, One Hundred Fourteenth Congress, Second Session, Border Security and America's Heroin Epidemic: The Impact of the Trafficking and Abuse of Heroin and Prescription Opioids in Wisconsin, April 15, 2016, Examining the Impact of the Opioid Epidemic in Ohio, April 22, 2016

  Show summary     Open resource [pdf]     (open full abstract)

  This is the April 15, 2016, and April 22, 2016 hearing on "Opioid Crisis," held before the U.S. Senate Committee on Homeland Security and Governmental Affairs. From the opening statement of Chairman Ron Johnson: "When I took over the Chairmanship of the Committee, we first established a mission statement. It is pretty simple: To enhance the economic and national security of America. And then, we established four priorities on the homeland security side: border security, cyber security, protecting our critical infrastructure, and combating Islamic terrorists. The first one we addressed--border security, we have held 15 hearings on border security. We have issued an approximately 100- page report, and it is right here--I would recommend you going online or getting a copy of it--laying out the findings of our hearings. You might ask, well, how does border security relate to a hearing here in Wisconsin on the effect of heroin and the use and abuse and the overdoses here in Wisconsin. Well, certainly, my conclusion, as well as I think a number of our committee Members is, among many causes of our unsecure border, I place at the top of the list America's insatiable demand for drugs." Statements, letters, and materials submitted for the record include those of the following: James F. Bohn, Tim Westlake, Tyler Lybert, Ashley Nowakowski, Lauri Badura, R. Gil Kerlikowske, Brad Schimel, Jon Erpenbach, and John Nygren.

  United States. Government Publishing Office

  2017
• Cybersecurity: Critical Infrastructure Authoritative Reports and Resources [December 6, 2016]

  Show summary     Open resource [pdf]     (open full abstract)

  "Critical infrastructure is defined in the USA PATRIOT Act (P.L. 107-56, §1016(e)) as 'systems and assets, physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health and safety, or any combination of those matters.' Presidential Decision Directive 63, or PDD-63, identified activities whose critical infrastructures should be protected: information and communications; banking and finance; water supply; aviation, highways, mass transit, pipelines, rail, and waterborne commerce; emergency and law enforcement services; emergency, fire, and continuity of government services; public health services; electric power, oil and gas production; and storage. In addition, the PDD identified four activities in which the federal government controls the critical infrastructure: (1) internal security and federal law enforcement; (2) foreign intelligence; (3) foreign affairs; and (4) national defense. In February 2013, the Obama Administration issued PPD-21, Critical Infrastructure Security and Resilience, which superseded HSPD-7 issued during the George W. Bush Administration. PPD-21 made no major changes in policy, roles and responsibilities, or programs, but did order an evaluation of the existing public-private partnership model, the identification of baseline data and system requirements for efficient information exchange, and the development of a situational awareness capability. PPD-21 also called for an update of the National Infrastructure Protection Plan, and a new Research and Development Plan for Critical Infrastructure, to be updated every four years. This report serves as a starting point for congressional staff assigned to cover cybersecurity issues as they relate to critical infrastructure."

  Library of Congress. Congressional Research Service

  Tehan, Rita

  2016-12-06
• Strategic Challenges Facing Our Nation - U.S. Coast Guard Perspective

  Show summary     Open resource [pdf]     (open full abstract)

  Challenges included in "Strategic Challenges Facing Our Nation - U.S. Coast Guard Perspective" include: Combating Transnational Organized Crime in our Hemisphere; Preserving Sovereignty and Expanding Access and Presence in the Polar Regions; Protecting Critical Infrastructure from all-domain Threats, Including Cyber; Facilitating Maritime Commerce; and Building the 21st Century Coast Guard.

  United States. Coast Guard

  2016-12-02
• Is NATO Ready for a Cyberwar?

  Show summary     Open resource [pdf]     (open full abstract)

  From the this abstract: "This thesis analyzes the sufficiency and effectiveness of the North Atlantic Treaty Organization's (NATO) cyber policies against cyber threats, considering the recent cyber cases and incidents that could be related to NATO's cyber defense. The authors use analytical and descriptive approaches to answer the research questions by examining the categories of cyber threats facing NATO and the policies implemented to fight against cyber operations and attacks. Finally, the authors make policy recommendations in order to respond to cyber threats more effectively in regard to eight specific areas: cooperation with the European Union; relations with business enterprises; information sharing among members; education, training, and exercises; capabilities of NATO Communications and Information Agency (NCIA); critical infrastructure protection; cyber law and legislature; and collective cyber defense. The cyber domain is a challenging arena in which to carry out operations and develop policies. NATO can be considered successful in cyberspace; however, the alliance should be aware that there is no limit to the development of capabilities, especially in cyber defense issues."

  Naval Postgraduate School (U.S.)

  Canbolat, Mustafa; Sezgin, Emrah

  2016-12
• EMR-ISAC: InfoGram, Volume 16 Issue 44 [November 3, 2016]

  Show summary     Open resource [pdf]     (open full abstract)

  The Emergency Management and Response Information Sharing and Analysis Center's (EMR-ISAC) InfoGram is a weekly publication of information concerning the protection of critical infrastructures relevant to members of the Emergency Services Sector. This issue includes the following articles: "Airgas Offers Training on Gas Emergencies," "Flu News and This Season's Vaccine Changes," "Cyber Attack on 9-1-1 System Leads to Quick Arrest," and "Training: Emergency Preparedness Leadership."

  Emergency Management and Response-Information Sharing and Analysis Center (U.S.)

  2016-11-04
• Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems

  Show summary     Open resource [pdf]     (open full abstract)

  From the Abstract: "With the continuing frequency, intensity, and adverse consequences of cyber-attacks, disruptions, hazards, and other threats to federal, state, and local governments, the military, businesses, and the critical infrastructure, the need for trustworthy secure systems has never been more important to the long-term economic and national security interests of the United States. Engineering-based solutions are essential to managing the growing complexity, dynamicity, and interconnectedness of today's systems, as exemplified by cyber-physical systems and systems-of-systems, including the Internet of Things. This publication addresses the engineering-driven perspective and actions necessary to develop more defensible and survivable systems, inclusive of the machine, physical, and human components that compose the systems and the capabilities and services delivered by those systems. It starts with and builds upon a set of well-established International Standards for systems and software engineering published by the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC), and the Institute of Electrical and Electronics Engineers (IEEE) and infuses systems security engineering methods, practices, and techniques into those systems and software engineering activities. The objective is to address security issues from a stakeholder protection needs, concerns, and requirements perspective and to use established engineering processes to ensure that such needs, concerns, and requirements are addressed with appropriate fidelity and rigor, early and in a sustainable manner throughout the life cycle of the system."

  National Institute of Standards and Technology (U.S.); United States. Department of Commerce

  Ross, Ron; McEvilley, Michael; Oren, Janet Carrier

  2016-11
• EMR-ISAC: InfoGram, Volume 16 Issue 41 [October 13, 2016]

  Show summary     Open resource [pdf]     (open full abstract)

  The Emergency Management and Response Information Sharing and Analysis Center's (EMR-ISAC) InfoGram is a weekly publication of information concerning the protection of critical infrastructures relevant to members of the Emergency Services Sector. This issue includes the following articles: "Handling Death Notifcations at a Distance," "National Cyber Incident Response Plan," and "Chemical Facility Safety and Security Webinar."

  Emergency Management and Response-Information Sharing and Analysis Center (U.S.)

  2016-10-13
• Critical Infrastructure Threat Information Sharing Framework: A Reference Guide for the Critical Infrastructure Community

  Show summary     Open resource [pdf]     (open full abstract)

  "This Framework is a resource to help critical infrastructure owners and operators, as well as other private sector, Federal, and State, local, tribal, and territorial (SLTT) government partners that share threat information, learn where they can turn, and in what circumstances, to both receive and report threat information. Threat information in this Framework is limited to information sharing pertaining to man-made threats, including both cyber and physical threats, to critical infrastructure. This document is not new policy, but describes the various processes and mechanisms currently used to share threat information and the existing array of threat information-sharing entities involved in those processes. It was developed in response to a need for greater clarity identified by the critical infrastructure community, and supports the 2012 'National Strategy for Information Sharing and Safeguarding' (NSISS) as well as the 'National Infrastructure Protection Plan (NIPP) 2013: Partnering for Critical Infrastructure Security and Resilience' (NIPP 2013) Call to Action to build upon partnership efforts and one of its goals to share actionable and relevant information across the critical infrastructure community."

  United States. Department of Homeland Security

  2016-10
• H. Rept. 114-756: Cyber Preparedness Act of 2016, Report to Accompany H.R. 5459, Including Cost Estimate of the Congressional Budget Office, September 19, 2016

  Show summary     Open resource [pdf]     (open full abstract)

  "The purpose of H.R. 5459 is to amend the Homeland Security Act of 2002 to enhance preparedness and response capabilities for cyber-attacks, bolster the dissemination of homeland security information related to cyber threats, and for other purposes. [...] Cybersecurity is a major national security issue and the threat is real and immediate. For instance, a cyber-attack causing widespread power outages could have major cascading consequences on public health and safety. During a joint hearing of the Subcommittees on Emergency Preparedness, Response, and Communications and Cybersecurity, Infrastructure Protection, and Security Technologies on May 24, 2016, Members heard from State officials about their best practices and lessons learned in enhancing cybersecurity capabilities and how the Federal Government can help mitigate some of the challenges States face. Among the issues raised by the witnesses was the need for better information sharing between the National Cybersecurity and Communications Integration Center (NCCIC) and state and major urban area fusion centers; the need for clarity on the use of homeland security grants to address cybersecurity; and the impact the level of classification of cyber threat information has on States and fusion centers' ability to share that information with relevant stakeholders. This legislation seeks to address these concerns."

  United States. Government Publishing Office

  2016-09-19
• Federal Information Security: Actions Needed to Address Challenges, Statement of Gregory C. Wilshusen, Director, Information Security Issues, Testimony Before the President's Commission on Enhancing National Cybersecurity

  Show summary     Open resource [pdf]     (open full abstract)

  "The dependence of federal agencies on computerized information systems and electronic data makes them potentially vulnerable to a wide and evolving array of cyber-based threats. Securing these systems and data is vital to the nation's safety, prosperity, and well-being. Because of the significance of these risks and long-standing challenges in effectively implementing information security protections, GAO [Government Accountability Office] has designated federal information security as a government-wide high-risk area since 1997. In 2003 this area was expanded to include computerized systems supporting the nation's critical infrastructure, and again in February 2015 to include protecting the privacy of personally identifiable information collected, maintained, and shared by both federal and nonfederal entities. GAO was asked to provide a statement on laws and policies shaping the federal IT [information technology] security landscape and actions needed for addressing long-standing challenges to improving the nation's cybersecurity posture. In preparing this statement, GAO relied on previously published work. Over the past several years, GAO has made about 2,500 recommendations to federal agencies to enhance their information security programs and controls. As of September 16, 2016, about 1,000 have not been implemented."

  United States. Government Accountability Office

  Wilshusen, Gregory C.

  2016-09-19
• Improving the Cybersecurity of Cyber-Physical Systems Through Behavioral Game Theory and Model Checking in Practice and in Education

  Show summary     Open resource [pdf]     (open full abstract)

  "This dissertation presents automated methods based on behavioral game theory and model checking to improve the cybersecurity of cyber-physical systems (CPSs) and advocates teaching certain foundational principles of these methods to cybersecurity students. First, it encodes behavioral game theory's concept of level-k reasoning into an integer linear program that models a newly defined security Colonel Blotto game. This approach is designed to achieve an efficient allocation of scarce protection resources by anticipating attack allocations. A human subjects experiment based on a CPS infrastructure demonstrates its effectiveness. Next, it rigorously defines the term adversarial thinking, one of cybersecurity education's most important and elusive learning objectives, but for which no proper definition exists. It spells out what it means to 'think like a hacker' by examining the characteristic thought processes of hackers through the lens of Sternberg's triarchic theory of intelligence. Next, a classroom experiment demonstrates that teaching basic game theory concepts to cybersecurity students significantly improves their strategic reasoning abilities. Finally, this dissertation applies the SPIN model checker to an electric power protection system and demonstrates a straightforward and effective technique for rigorously characterizing the degree of fault tolerance of complex CPSs, a key step in improving their defensive posture."

  Air Force Institute of Technology (U.S.)

  Hamman, Seth T.

  2016-09
• Cybersecurity: Utilizing Fusion Centers to Protect State, Local, Tribal, and Territorial Entities Against Cyber Threats

  Show summary     Open resource [pdf]     (open full abstract)

  From the thesis abstract: "Many areas of the cyber domain of American citizens are under attack: critical infrastructure, electrical grids, banks, businesses, government, and personally identifiable information (identity theft, medical records, child exploitation, etc.). Although the focus of recent cybersecurity legislation has provided additional authorities to federal agencies, a key concern for state, local, tribal and territorial (SLTT) government entities is this: What is the best way to protect computer networks at the state and local level? State and local governments have the responsibility to protect dams, freeway systems, power and water plants, emergency communications, personal identifiable information, health care records, educational institutions, and banking systems. The array of responsibilities and the cybersecurity threat landscape make state- and local-level computer networks fertile ground for the cyber adversary. This research focuses on the threat to SLTT computer networks and how to leverage information-sharing initiatives, cybersecurity policies and state and local fusion centers to prevent, mitigate, and deter cyber threats targeted at SLTT computer networks."

  Naval Postgraduate School (U.S.); Naval Postgraduate School (U.S.). Center for Homeland Defense and Security

  Flynn, Payton A., Sr.

  2016-09
• Electronic Health Information: HHS Needs to Strengthen Security and Privacy Guidance and Oversight, Report to the Committee on Health, Education, Labor, and Pensions, U.S. Senate

  Show summary     Open resource [pdf]     (open full abstract)

  "As a digital version of a patient's medical record or chart, an EHR can make pertinent health information more readily available and usable for providers and patients. However, recent data breaches highlight the need to ensure the security and privacy of these records. HHS has primary responsibility for setting standards for protecting electronic health information and for enforcing compliance with these standards. GAO was asked to review the current health information cybersecurity infrastructure. The specific objectives were to (1) describe expected benefits of and cyber threats to electronic health information, (2) determine the extent to which HHS security and privacy guidance for EHRs are consistent with federal cybersecurity guidance, and (3) assess the extent to which HHS oversees these requirements. To address these objectives, GAO reviewed relevant reports, federal guidance, and HHS documentation and interviewed subject matter experts and agency officials."

  United States. Government Accountability Office

  2016-08-26
• Department of Homeland Security: Enhanced Cybersecurity Services (Fiscal Year 2016 Report to Congress)

  Show summary     Open resource [pdf]     (open full abstract)

  "Cyber intrusions and attacks have increased significantly over the last decade, exposing sensitive personal and business information, disrupting operations, and imposing high costs on the U.S. economy. DHS plays a pivotal role in helping to secure the Federal civilian Government and private-sector partners against these threats. This role is codified in the Department's 2014 Quadrennial Homeland Security Review (QHSR). Under the QHSR, DHS focuses on enhancing critical infrastructure security and resilience by reducing vulnerabilities; detecting malicious activity; promoting resilient critical infrastructure design; partnering with critical infrastructure owners and operators; and sharing information on threats, consequences, and mitigations. In 2014, Congress passed the National Cybersecurity Protection Act, which codifies DHS's authority to help the private sector manage cybersecurity risks. [...] This report articulates how ECS [Enhanced Cybersecurity Services] will continue to integrate SLTT [state, local, tribal, and territorial] entities into its outreach and to drive further participation and awareness among SLTT and private-sector groups."

  United States. Department of Homeland Security

  2016-07-18
• Value of DHS' Vulnerability Assessments in Protecting Our Nation's Critical Infrastructure, Hearing Before the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies of the Committee on Homeland Security, U.S. House of Representatives, One Hundred Fourteenth Congress, Second Session, July 12, 2016

  Show summary     Open resource [pdf]     (open full abstract)

  This testimony compilation is from the July 12, 2016 hearing on "Value of DHS' Vulnerability Assessments in Protecting Our Nation's Critical Infrastructure" before the U.S. House of Representatives Committee on Homeland Security. From the Committee website, "The purpose of this hearing is to examine threats to the nation's critical infrastructure, including threats from terrorists and nation state actors. The Subcommittee will examine the capabilities of the Department of Homeland Security's (DHS) Office of Cybersecurity and Communications (CS&C) and Office of Infrastructure Protection (IP) in offering voluntary assessments to owners and operators of critical infrastructure to evaluate risks and to defend against attacks. Over the past several years, the Government Accountability Office (GAO) has brought into question the value of DHS' vulnerability assessments and its ability to mitigate potential duplication or gaps. The Subcommittee will examine several of the recommendations made by GAO and how DHS has addressed those concerns. Additionally, the Subcommittee will examine the benefit being provided to owners and operators from the vulnerability assessments and how DHS is communicating the value of its critical infrastructure protection and cybersecurity programs to owners and operators of critical infrastructure." Statements, letters, and materials submitted for the record include those of the following: Chris P. Currie, Andy Ozment, Caitlin Durkovich, and Marcus L. Brown.

  United States. Congress. House. Committee on Homeland Security

  2016-07-12
• Critical Infrastructure Protection, DHS Has Made Progress in Enhancing Critical Infrastructure Assessments, but Additional Improvements Are Needed, Statement of Chris Currie, Director, Homeland Security and Justice, Testimony Before the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies, Committee on Homeland Security, House of Representatives

  Show summary     Open resource [pdf]     (open full abstract)

  "Protecting the security of CI [Critical Infrastructure] is a top priority for the nation. CI includes assets and systems, whether physical or cyber, that are so vital to the United States that their destruction would have a debilitating impact on, among other things, national security or the economy. Multiple federal entities, including DHS, are involved in assessing CI vulnerabilities, and assessment fatigue could impede DHS's ability to garner the participation of CI owners and operators in its voluntary assessment activities. This testimony summarizes past GAO [Government Accountability Office] findings on progress made and improvements needed in DHS's vulnerability assessments, such as addressing potential duplication and gaps in these efforts. This statement is based on products GAO issued from May 2012 through October 2015 and recommendation follow-up conducted through March 2016. GAO reviewed applicable laws, regulations, directives, and policies from selected programs. GAO interviewed officials responsible for administering these programs and assessed related data. GAO interviewed and surveyed a range of stakeholders, including federal officials, and CI owners and operators."

  United States. Government Accountability Office

  Currie, Chris

  2016-07-12
• Congressional Budget Office Cost Estimate: H.R. 5390: Cybersecurity and Infrastructure Protection Agency Act of 2016

  Show summary     Open resource [pdf]     (open full abstract)

  "H.R. 5390 would rename the National Protection and Programs Directorate (NPPD) of the Department of Homeland Security (DHS) as the Cybersecurity and Infrastructure Protection Agency. The bill also would consolidate certain missions of NPPD under two new divisions: the Cybersecurity Division and the Infrastructure Protection Division. Based on information from DHS, CBO [Congressional Budget Office] has concluded that the bill would largely codify the department's existing plans to reorganize NPPD and would not impose any new operating requirements on the agency. On that basis, CBO estimates that implementing H.R. 5390 would have no significant effect on the federal budget."

  United States. Congressional Budget Office

  2016-06-29
• Analysis of Cyber Security and How It Is Affecting a Contract Writing System, Seaport

  Show summary     Open resource [pdf]     (open full abstract)

  From the thesis abstract: "The purpose of this paper is to research cyber security and whether it creates inefficiencies and ineffective business support for the DOD [Department of Defense]--specifically, the contract writing system SeaPort. Is cybersecurity becoming too restrictive, making the ability to support the programs and warfighters inefficient and ineffective? What business practices could be put in place to protect the DOD without hindering contract and business support to the warfighter? This research topic came about due to the underperformance of SeaPort when used by NAVSEA [Naval Sea Systems Command] contract specialists at Dahlgren. The research begins with a brief overview of the Internet, cyber security, and SeaPort contract writing system. The literature review describes the private and public sectors with regard to cyber security as well as any policies related to cyber security. Sixteen (16) SeaPort users were surveyed in order to gain an understanding of the issues surrounding SeaPort. We discovered that SeaPort, indeed, was having issues regarding PDF [Portable Document Format] generation, FPDS-NG [Federal Procurement Data System-Next Generation] reporting, and overall latency. A direct correlation between cyber security and SeaPort efficiency could not be proven; however, theoretically, cyber security can be attributed. Recommendations include adding more servers to existing SeaPort network infrastructure and further research conducted by cyber experts within the government with the authority to access direct cyber reports on the system."

  Naval Postgraduate School (U.S.)

  Turner, Bill; Belcher, Daniel; Allen, Danielle

  2016-06
• Final Report of the Cybersecurity Subcommittee: Part I - Incident Response

  Show summary     Open resource [pdf]     (open full abstract)

  "This report offers recommendations to meet a poorly understood but absolutely vital challenge for U.S. cybersecurity: ensuring that 'interdependent' infrastructure sectors can work together to restore critical services after a cyberattack, in partnership with the Department of Homeland Security (DHS) and other Federal and state agencies. Secretary of Homeland Security, Jeh C. Johnson, requested such recommendations in his August 6, 2015 message to the Homeland Security Advisory Council (HSAC) in which he directed the HSAC to create a Cybersecurity Subcommittee (Subcommittee). Secretary Johnson noted that 'The Department and its public and private sector partners are making significant progress to protect the electric grid, water and wastewater systems, and other lifeline infrastructure sectors from attack.' However, he also emphasized that 'Given the increasing severity of the cyber threat, it is essential to strengthen U.S. plans, capabilities, and coordination mechanisms to restore infrastructure services if our defenses fail.'"

  United States. Department of Homeland Security

  2016-06
• Information Warfare: DOD's Response to the Islamic State Hacking Activities [May 10, 2016]

  Show summary     Open resource [pdf]     (open full abstract)

  "The Islamic State (IS) has pursued a strategy of accessing U.S. government computer systems for a variety of purposes. IS pursues five primary categories of activity when targeting U.S. computer systems: defacement, distributed denial of service, data theft, disabling websites, and data breaches. The Department of Defense (DOD) is pursuing a number of activities aimed at detecting, deterring, and thwarting IS hacking activities. In May 2015, FBI Director James Comey stated, 'ISIS [Islamic State of Iraq and Syria] is 'waking up' to the idea of using sophisticated malware to cyberattack critical infrastructure in the U.S.' and 'logic tells me it's coming,' and the terror group is 'looking into' developing an advanced cyberattack capability. Some government officials have stated that IS has already undertaken attacks against computers that manage U.S. critical infrastructure processes. In October 2015, Caitlin Durkovich, Assistant Secretary for Infrastructure Protection at the Department of Homeland Security, stated at a conference focused on energy sector issues that 'ISIL is beginning to perpetrate cyberattacks' on the nation's critical infrastructure. At the same conference, Special Agent John Riggi, Section Chief of the FBI's Cyber Division, stated that while IS has 'strong intent (to undertake a cyberattack), thankfully, (they have) low capability.'"

  Library of Congress. Congressional Research Service

  Theohary, Catherine A.

  2016-05-10
• Maritime Cyber Security University Research: Phase I - Final Report

  Show summary     Open resource [pdf]     (open full abstract)

  "Modern maritime systems are highly complex digital systems to ensure the safety and efficient operation of the shipping traffic so vital to the global economy. The vulnerabilities associated with reliance on digital systems in the maritime environment must be continuously examined. System protections must be ever ready to monitor vulnerabilities and secure maritime traffic systems. The U.S. Coast Guard must ensure the integrity of the entrances to our 'digital ports' and work to develop practical cyber security solutions to protect the nation's maritime infrastructure."

  United States. Department of Homeland Security; U.S. Coast Guard Research & Development Center

  2016-05
• ICS-CERT Monitor [March/April 2016]

  Show summary     Open resource [pdf]     (open full abstract)

  This edition of the Industrial Control Systems Cyber Emergency Response Team's (ICS-CERT) ICS-CERT Monitor Newsletter contains the following articles: "What is Your Data Backup and Recovery Plan?"; "ICS-CERT Incident Handling"; "Protected Critical Infrastructure Information Program"; "Use Strong Passwords"; "ICS-CERT Assessment Activity for March/April 2016"; " ICS-CERT News: Ukraine Action Campaign"; and "Open Source Situational Awareness Highlights".

  United States. Department of Homeland Security; Industrial Control Systems Cyber Emergency Response Team

  2016-05
• ICS-CERT Monitor [May/June 2016]

  Show summary     Open resource [pdf]     (open full abstract)

  This edition of the Industrial Control Systems Cyber Emergency Response Team's (ICS-CERT) ICS-CERT Monitor Newsletter contains the following articles: "Viewing Your Network through the Eyes of an Attacker"; "Understanding the Protected Critical Infrastructure Information Process"; "Industrial Control Systems Joint Working Group"; and "ICS-CERT [Industrial Control Systems-Cyber Emergency Response Team] Assessment Activity for May/June 2016".

  United States. Department of Homeland Security; Industrial Control Systems Cyber Emergency Response Team

  2016-05
• Maritime Cyber Security University Research: Phase I - Final Report Appendices

  Show summary     Open resource [pdf]     (open full abstract)

  "Modern maritime systems are highly complex digital systems to ensure the safety and efficient operation of the shipping traffic so vital to the global economy. The vulnerabilities associated with reliance on digital systems in the maritime environment must be continuously examined. System protections must be ever ready to monitor vulnerabilities and secure maritime traffic systems. The U.S. Coast Guard must ensure the integrity of the entrances to our 'digital ports' and work to develop practical cyber security solutions to protect the nation's maritime infrastructure."

  United States. Department of Homeland Security; U.S. Coast Guard Research & Development Center

  2016-05
• Healthcare and Public Health Sector-Specific Plan [May 2016]

  Show summary     Open resource [pdf]     (open full abstract)

  "This Healthcare and Public Health (HPH) Sector-Specific Plan (SSP) is designed to guide the Sector's internal and collaborative, cross-sector efforts to enhance the security and resilience of HPH critical infrastructure to all-hazards across its physical, cyber, and human dimensions. The SSP tailors the strategic guidance provided in the National Infrastructure Protection Plan 2013 (NIPP 2013) to the unique operating conditions and risk landscape of the vast and complex HPH Sector."

  United States. Department of Homeland Security; United States. Department of Health and Human Services

  2016-05
• Countering Cyber Threats through Technical Cooperation with the Department of Defense, Fiscal Year 2015 Report to Congress

  Show summary     Open resource [pdf]     (open full abstract)

  From the Introduction: "The DHS vision of the Internet is of a safe, secure, and resilient infrastructure through which the American way of life can thrive. Many Components in DHS contribute to this mission: the Office of the Chief Information Officer (OCIO), the National Protection and Programs Directorate (NPPD), the Science and Technology Directorate (S&T), the United States Coast Guard (USCG), and the United States Secret Service (USSS). All of these individual Components work together with the Department of Defense (DOD) to protect American interests from cybersecurity threats. As an ongoing, collaborative process, the level of cybersecurity cooperation between DHS Components and DOD continues to grow in depth, breadth, and scope."

  United States. Department of Homeland Security

  2016-04-05
• Role of Cyber Insurance in Risk Management, Hearing Before the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies of the Committee on Homeland Security, U.S. House of Representatives, One Hundred Fourteenth Congress, Second Session, March 22, 2016

  Show summary     Open resource [pdf]     (open full abstract)

  This testimony compilation is from the March 22, 2016 hearing on "Role of Cyber Insurance in Risk Management" before the U.S. House of Representatives Committee on Homeland Security. From the Opening Statement of John Ratcliffe, "The House Homeland Security Committee, Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies meets today to hear from key stakeholders about the role of cyber insurance in managing risk. Just yesterday the Bipartisan Policy Center came out with a publication on the room for growth in this market and the barriers that it faces. Specifically, we hope to hear about the potential for cyber insurance to be used to drive companies of all sizes to improve their resiliency against cyber attacks and develop a more effective risk management strategy, leading to a safer Internet for all Americans. The cyber insurance market is in its infancy. But it's easy to envision its vast potential. Just as the process of obtaining home insurance can incentivize homeowners to invest in strong locks, smoke detectors, and security alarms, the same could be true for companies seeking to obtain cyber insurance. It is for that reason that I look forward to hearing from the witnesses today on the current state of the cyber insurance market, and what can be done to develop, improve, and expand the availability of cyber insurance in the future." Statements, letters, and materials submitted for the record include those of the following: Matthew McCabe, Adam W. Hamm, Daniel Nutkis, and Tom Finan.

  United States. Congress. House. Committee on Homeland Security

  2016-03-22
• Cyber and Infrastructure Protection Transition Way Ahead: Fiscal Year 2016 Report to Congress

  Show summary     Open resource [pdf]     (open full abstract)

  "In October 2015, DHS provided Congress a plan to transition the National Protection and Programs Directorate (NPPD) to an organizational structure that would address the growing risks to critical infrastructure. This current report provides additional details about why and how this transition will occur. The transition would designate NPPD as an operational component within DHS, change its name to Cyber and Infrastructure Protection, and realign the component's programs and functions. The transition is necessary to improve component management and to utilize the component's national operational activities in a way that will meet the evolving requirements of the cybersecurity and critical infrastructure mission. NPPD has invested significant time over the last two years refining the strategic transition objectives and developing the plan to achieve those objectives. The next stage is to work with Congress to authorize and implement the plan. The transition will improve the component's operational focus and strengthen internal coordination between distinct, but heavily linked, areas of operational activity. NPPD will consolidate current operational activities into three subcomponents: the National Cybersecurity and Communications Integration Center, Infrastructure Security, and the Federal Protective Service. These subcomponents will be supported by centralized mission support functions that provide acquisition, business, strategic, and analytical services. The mission support functions will provide much needed component-wide governance, oversight, and coordination, with more efficient standardized processes and procedures. The need for, and the benefits of, the transition is outlined in Section I. Section II details the current organizational structure, the proposed organizational structure, and the alternatives analyzed as part of our implementation planning efforts."

  United States. Department of Homeland Security

  2016-03-17
• Privacy Impact Assessment for the Automated Indicator Sharing (AIS)

  Show summary     Open resource [pdf]     (open full abstract)

  "The Department of Homeland Security (DHS) National Protection and Programs Directorate's (NPPD) Office of Cybersecurity and Communications (CS&C) has developed an Automated Indicator Sharing (AIS) initiative to enable the timely exchange of cyber threat indicators and defensive measures among federal and non-federal entities. These cyber threat indicators and defensive measures are shared consistent with the need to protect information systems from cybersecurity threats, mitigate cybersecurity threats, and comply with any other applicable provisions of law authorized by the Cybersecurity Information Sharing Act of 2015 (CISA) in a manner that ensures appropriate incorporation of privacy, civil liberties, and other compliance protections. Central to the AIS initiative and consistent with the requirements of CISA, the DHS National Cybersecurity and Communications Integration Center (NCCIC) serves as the centralized hub for exchanging cybersecurity threat information using a DHS-accredited infrastructure. NPPD is conducting this Privacy Impact Assessment (PIA) because personally identifiable information (PII) may be submitted as part of or accompanying a cyber threat indicator or defensive measure. This PIA updates and retires DHS/NPPD/PIA-029 Automated Indicator Sharing PIA, issued October 28, 2015."

  United States. Department of Homeland Security

  2016-03-16