5.3 Department of Homeland Security (DHS)
The Cybersecurity Information Sharing Act of 2015 gives responsibility to the DHS, Director of National Intelligence (DNI), Department of Defense (DoD) and Department of Justice (DOJ) to “develop procedures to share cybersecurity threat information with private entities, non federal agencies, state, tribal, and local governments, the public, and entities under threats.” (S.754 - Cybersecurity Information Sharing Act of 2015.) FISMA 2014 amended FISMA 2002 by “codifying DHS authority” to oversee information security policies for non-national security federal Executive Branch systems. (CISA. The Federal Information Security Modernization Act of 2014.)
In accordance with the Cybersecurity Information Sharing Act (CISA), DHS must establish processes through which private sector entities can share information about cybersecurity threats with the Federal Government. DHS manages the delivery and adoption of BODs to federal agencies.
The United States Computer Emergency Readiness Team (US-CERT) works within DHS to prevent cyberthreats and coordinate incident response activities. US-CERT works with federal agencies, the private sector, research entities, state and local governments, and international groups to protect the national technology landscape. (US-CERT. Infosheet.) The Continuous Diagnostics and Mitigation (CDM) Program “delivers automated tools” to federal agencies to build defense against threats to the national technology infrastructure. (CISA. Continuous Diagnostics and Mitigation (CDM).)
Cybersecurity and Infrastructure Security Agency (CISA)
CISA is one of the newest federal agencies, established as an independent operational component of DHS in 2018 through the expansion of DHS’s National Protection and Programs Directorate (NPPD). CISA is responsible for the national capacity to defend against cyber-attacks, and it works with the federal government to provide cybersecurity tools, incident response services, and assessment capabilities to safeguard “.gov” networks. Additionally, CISA houses the National Risk Management Center (NRMC), which is tasked with planning, analysis, and collaboration to identify and address significant risks to critical infrastructure.
CISA’s Cybersecurity Division is the focal point for cybersecurity and related IT systems, and is tasked with seven primary functions:
- Capability Delivery
- Threat Hunting
- Operational Collaboration
- Vulnerability Management
- Capacity Building
- Strategy, Resources & Performance
- Cyber Defense Education & Training
CISA also maintains a Cyber Resource Hub (CISA. Cyber Resource Hub.), which includes a range of voluntary cybersecurity assessments that evaluate operational resilience, cybersecurity practices, organizational management of external dependencies, and other key elements of a robust cybersecurity framework. Additional information, including best practices, case studies, training and exercises, and information about CISA’s Annual National Cybersecurity Summits, can be found on the CISA.gov website.
Continuous Diagnostics and Mitigation (CDM) Program
The CDM Program works under CISA to strengthen the cybersecurity of federal departments and agencies. CDM offers “industry-leading, commercial off-the-shelf (COTS) tools to support technical modernization as threats change.” This program meets FISMA mandates and delivers four main objectives: reducing threats at the agency level, increasing visibility into the strengths of federal cybersecurity, improving cybersecurity response capabilities, and streamlining FISMA reporting.
US-CERT works under CISA to prevent cyberthreats and coordinate incident response activities. US-CERT works with federal agencies, the private sector, research entities, state and local governments, and international groups to protect the national technology landscape. (US-CERT. Infosheet.) Its activities include:
- Providing cybersecurity protection to Federal civilian executive branch agencies through intrusion detection and prevention capabilities.
- Developing timely and actionable information for distribution to Federal departments and agencies; state, local, tribal, and territorial (SLTT) governments; critical infrastructure owners and operators; private industry; and international organizations.
- Responding to incidents and analyzing data about emerging cybersecurity threats.
- Collaborating with foreign governments and international entities to enhance the nation’s cybersecurity posture. (CIO Council. CISO Handbook.)