Just Released: 2018 DHS Cybersecurity Strategy

Today, the Department of Homeland Security (DHS) released its 2018 Cybersecurity Strategy. The document sets out a clear goal in the vision, to foster “a more secure and reliable cyber ecosystem” via increased security and resilience through a departmental-wide program during the next five years. Under the guiding principles of risk prioritization, cost-effectiveness, innovation and agility, collaboration, and global approach, and operating within the constantly-evolving cyber threat environment, the Department has laid out five pillars and seven goals in order to accomplish the five-year vision.

Pillar I: Risk Identification
Goal 1: Assess Evolving Cybersecurity Risks – DHS will implement procedures to hedge against a “failure of imagination”. This will include not only increasing and maintaining strategic awareness, but also assessing and anticipating changing techniques and technologies of cyber warfare and security.

Pillar II: Vulnerability Reduction
Goal 2: Protect Federal Government Information Systems – Developing clear governance and oversight of federal cybersecurity will mitigate risk and increase efficiency and effectiveness.
Goal 3: Protect Critical Infrastructure – Through the inclusion of critical field personnel, DHS can engage and bolster stakeholder investment, involvement, and awareness in order to minimize gaps in critical infrastructure cybersecurity across the national, public health and safety, and economic security communities.

Pillar III: Threat Reduction
Goal 4: Prevent and Disrupt Criminal Use of Cyberspace – While DHS must continue to focus on its core role of “identifying, disrupting, and dismantling transnational criminal organizations”, especially as related to illicit materials and human trafficking, the Department must also leverage its relationship with law enforcement to increase cybersecurity resiliency, and mitigate cyber threats as related to high-risk critical infrastructure and federal facilities.

Pillar IV: Consequence Mitigation
Goal 5: Respond Effectively to Cyber Incidents – DHS can increase cyber incident response by expanding voluntary incident reporting, and widening the scope of coordination between threat response and asset response capabilities.

Pillar V: Enable Cybersecurity Outcomes
Goal 6: Strengthen the Security and Reliability of the Cyber Ecosystem – Improved global cybersecurity risk management will include more secure innovations at the technical, operational, and policy level. The status quo in cybersecurity should shift from one of maintenance and staying afloat, to proactive and progressive research and innovation which fosters resiliency across software, hardware, services, and technologies.
Goal 7: Improve Management of DHS Cybersecurity Activities – This strategy contains a lot of moving parts. DHS affirms it can accomplish the above components through allowing the DHS Office of Strategy, Policy, and Plans (PLCY) to establish internal mechanisms which consistently assess, measure, and re-focus the Department’s priorities and efforts in order to ensure that this strategy is implemented and wholly accomplished by 2023 target date.