The U.S. Dept. of Homeland Security (DHS) released a strategy on May 15 outlining its approach to managing national cybersecurity risk. The DHS strategy details an approach to address the evolving threats to U.S. cyber and critical infrastructure security. It's available here.
“The cyber threat landscape is shifting in real time, and we've reached a historic turning point,” says DHS Secretary Kirstjen Nielsen. “That's why DHS is rethinking its approach by adopting a more comprehensive cybersecurity strategy. In an age of brand-name breaches, we must think beyond the defense of specific assets, and confront systemic risks that affect everyone from tech giants to homeowners. Our strategy outlines how DHS will leverage its capabilities on the digital battlefield to defend U.S. networks and get ahead of cyber threats.”
The department’s strategy sets forth a five-part approach to manage national cyber risk aimed at ensuring availability of critical national functions and fostering efficiency, innovation, trustworthy communication, and economic prosperity in ways consistent with U.S. national values to protect privacy and civil liberties:
- Risk identification—assess evolving, national cybersecurity risk posture to prioritize risk management;
- Vulnerability reduction—protect federal information systems by reducing the vulnerabilities of federal agencies;
- Threat reduction—reduce national cyber threats by countering criminal organizations and cyber criminals.
- Consequence mitigation—respond effectively to cyber incidents to minimize their consequences through coordinated, community-wide response efforts.
- Enable cybersecurity outcomes—strengthen the security and reliability of the cyber ecosystem by supporting policies and activities that enable improved global cybersecurity risk management.