Cybersecurity

The Cybersecurity and Infrastructure Security Agency (CISA) leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. The agency connects its stakeholders in industry and government to each other and to resources, analyses, and tools to help them fortify their cyber, communications, and physical security and resilience, which strengthens the cybersecurity posture of the nation.   

CISA is at the center of the exchange of cyber defense information and defensive operational collaboration among the federal government, and state, local, tribal and territorial (SLTT) governments, the private sector, and international partners. The agency has two primary operational functions. First, CISA is the operational lead for federal cybersecurity, charged with protecting and defending federal civilian executive branch networks in close partnership with the Office of Management and Budget, the Office of the National Cyber Director, and federal agency Chief Information Officers and Chief Information Security Officers. Second, CISA is the national coordinator for critical infrastructure security and resilience, working with partners across government and industry to protect and defend the nation’s critical infrastructure.

• Learn more about how CISA is coordinating DHS’s broad cyber mission.

The Cyber Safety Review Board (CSRB), an independent public-private advisory body administered by DHS through CISA, brings together public and private sector cyber experts/leaders to review and draw lessons learned from the most significant cyber incidents. Under the leadership of the Board’s Chair, DHS Under Secretary for Policy Robert Silvers, and Deputy Chair, Google VP for Security Engineering Heather Adkins, the CSRB recently published its first report on the Log4j software vulnerability. The report included 19 actionable recommendations for the public and private sectors to work together to build a more secure software ecosystem. DHS is already leading by example to implement the recommendations, through CISA guidance and Office of the Chief Information Officer initiatives to enhance open source software security and invest in open source software maintenance.

The Transportation Security Agency (TSA) is charged with securing the nation’s transportation systems, which includes aviation, intermodal and surface transportation. The network of surface transportation operators include highway and motor carriers, freight and passenger railroad carriers, pipeline owners and operators, and mass transit carriers. In close coordination with CISA, TSA uses a combination of regulation and public-private partnerships to strengthen cyber resilience across the broad transportation network. TSA’s efforts include a combination of cybersecurity assessments and engagements; stakeholder education; publication of cybersecurity guidance and best practices; and use of its regulatory authority to mandate appropriate and durable cybersecurity measures.

The United States Coast Guard (USCG) enables operations at sea, in the air, on land and space by delivering effects and capabilities in and through cyberspace. It is the nation’s lead federal agency for securing and safeguarding the maritime domain. In its role as a military, law enforcement, and regulatory agency, the Coast Guard has broad authority to combat cyber threats and protect U.S. maritime interests both domestically and abroad. In support of the Maritime Transportation System (MTS), the Coast Guard continually promotes best practices, identifies potential cyber-related vulnerabilities, implements risk management strategies, and has in place key mechanisms for coordinating cyber incident responses.

The United States Secret Service (USSS) investigates a range of cyber-enabled crime with a particular focus on protecting the nation’s financial infrastructure. The Secret Service cybercrime mission focuses on acts that target and threaten the American financial system, such as network intrusions and ransomware, access device fraud, ATM and point-of-sale system attacks, illicit financing operations and money laundering, identity theft, social engineering scams, and business email compromises. Through the agency’s Cyber Fraud Task Forces (CFTF), the Secret Service brings together critical partners, to include other law enforcement agencies, prosecutors, private industry, and academia, to pursue a comprehensive response to the threat.

Immigration and Customs Enforcement - Homeland Security Investigations (ICE HSI) is a worldwide law enforcement leader in dark net and other cyber-related criminal investigations. HSI's Cyber Crimes Center (C3) delivers computer-based technical services to support domestic and international investigations into cross-border crime. C3's Child Exploitation Investigations Unit (CEIU) is a powerful tool in the fight against the sexual exploitation of children; the production, advertisement and distribution of child pornography; and child sex tourism.

The Office of the Chief Information Officer (OCIO) ensures strong cybersecurity practices within DHS, so that the Department may lead by example. OCIO works with component agencies to mature the cybersecurity posture of the Department as a whole. OCIO continues to secure and strengthen the Department of Homeland Security’s cybersecurity posture by implementing and managing the DHS Information Security Program and ensuring DHS' compliance with applicable federal laws, executive orders, directives, policies, and regulations.

The Office of Policy is leading the whole of federal government effort to coordinate, de-conflict, and harmonize cyber incident reporting requirements through the Cyber Incident Reporting Council. Established under the bipartisan Cyber Incident Reporting for Critical Infrastructure Act, the Council brings together federal departments and independent regulators. Through the Council, the Office of Policy is extensively engaging with private sector stakeholders to ensure that we hear from the stakeholders themselves who will benefit from streamlined reporting requirements to ensure greater quality, quantity, and timeliness.

Fair and free elections are a hallmark of American democracy. The American people’s confidence in the value of their vote is principally reliant on the security and resilience of the infrastructure that makes the Nation’s elections possible. Accordingly, an electoral process that is both secure and resilient is a vital national interest and one of the Department of Homeland Security’s highest priorities. The Department’s Cybersecurity and Infrastructure Security Agency (CISA) is committed to working collaboratively with those on the front lines of elections—state and local governments, election officials, federal partners, and vendors—to manage risks to the Nation’s election infrastructure. CISA will remain transparent and agile in its vigorous efforts to secure America’s election infrastructure from new and evolving threats.

• Learn more about DHS efforts on election security

On May 12, 2021, President Biden signed an Executive Order to improve the nation’s cybersecurity and protect federal government networks following recent cybersecurity incidents exploiting SolarWinds and Microsoft Exchange. This Executive Order makes a significant contribution toward modernizing cybersecurity defenses by protecting federal networks, improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthening the United States’ ability to respond to incidents when they occur. DHS encourages private sector companies to follow the Federal government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents.

Most of the actions outlined in the Executive Order are to be implemented by the Department of Homeland Security, namely CISA. In addition, Congress provided CISA with new authorities in the 2021 National Defense Authorization Act (NDAA) and with a down payment to improve the protection of civilian federal government networks with the funding provided through the American Rescue Plan. This ongoing priority will therefore focus on implementing the Executive Order, the NDAA, and the funding provided by Congress in an effective and timely manner.

• Learn more about President Biden’s Executive Order

The Executive Order signed by President Biden in May 2021 focuses on improving software supply chain security by establishing baseline security standards for development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available. It stands up a concurrent public-private process to develop new and innovative approaches to secure software development and uses the power of Federal procurement to incentivize the market. Finally, it creates a pilot program to create an “energy star” type of label so the government – and the public at large – can quickly determine whether software was developed securely.

Too much of software, including critical software, is shipped with significant vulnerabilities that can be exploited by cyber criminals. The Federal Government will use its purchasing power to drive the market to build security into all software from the ground up.

This ongoing priority will focus on implementing this part of the Executive Order.

• Learn more about President Biden’s Executive Order
• “CISA Announces Renewal of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force” (August 2, 2021)

In his March 31, 2021 speech, Secretary Mayorkas stressed the need for senior leaders to focus on strategic, on-the-horizon challenges and emerging technology. He specifically highlighted the importance of the transition to post-quantum encryption algorithms pointing out that the transition is as much dependent on the development of such algorithms as it is on their adoption. While the former is already ongoing, planning for the latter remains in its infancy. The government and industry must prepare for it now to protect the confidentiality of data that already exists today and remains sensitive in the future.

Together with its interagency partners, DHS is developing a plan for how the Department can help facilitate this transition. Considering the scale, implementation will be driven by the private sector, but the government can help ensure the transition will occur equitably, and that nobody will be left behind. DHS will focus on three pillars to drive this work forward, working in close coordination with NIST and other Federal and nonfederal stakeholders: (1) Planning for DHS’s own transition to quantum resistant encryption, (2) Cooperating with NIST on tools to help individual entities prepare for and manage the transition, and (3) Developing a risks and needs-based assessment of priority sectors and entities and engagement plan.

• Launch of DHS Guidance, Roadmap, and FAQs in partnership with NIST