Cybersecurity
Our daily life, economic vitality, and national security depend on a stable, safe, and resilient cyberspace.
-
Vulnerability Disclosure Program Policy and Rules of Engagement
In accordance with Section 101 and Title I of the SECURE Technology Act (P.L. 115-390), this policy provides security researchers with clear guidelines for (1) conducting vulnerability and attack vector discovery activities directed at Department of Homeland Security (DHS) systems and (2) submitting those discovered vulnerabilities. This policy has been developed in consultation with the Attorney General, the Secretary of Defense, the Administrator of GSA, and non-governmental security researchers.
-
Under Secretary Silvers Delivers Remarks at the Munich Cyber Security Conference
Under Secretary for Strategy, Policy, and Plans Robert Silvers delivered remarks at the 2023 Munich Cyber Security Conference.
-
Cyber Mission Overview
Overview of the Cyber Mission of the Department of Homeland Security, a top priority of the Biden-Harris Administration.
-
Cryptographic Agility Infographic
The Cryptographic Agility Infographic illustrates a design feature that enables updates to future cryptographic algorithms and standards without the need to modify or replace the surrounding infrastructure.
-
DHS Space Policy
Within the homeland security enterprise, space-based systems play a critical role in securing the homeland as DHS components and partners rely heavily on space systems to provide information and communications necessary for mission success. The DHS Space Policy guides component efforts internally and across the homeland security enterprise.
-
DHS Cybersecurity Service Overview for Potential Applicants
Information about the DHS Cybersecurity Service.
-
2017 NTTX Situation Manual
This exercise is a part of a two-day event including seminars/workshops and a tabletop exercise (TTX) geared toward examining issues related to cybersecurity impacting physical infrastructure systems on college and university campuses. The TTX portion of the event consists of a scenario-driven, facilitated discussion and is designed to examine roles, responsibilities, authorities, and capabilities to enhance the resilience of institutions of higher education.
-
Cyber Incident Reporting: A Unified Message for Reporting to the Federal Government
Cyber Incident Reporting: A Unified Message for Reporting to the Federal Government
-
DHS/CISA/PIA-026 National Cybersecurity Protection System (NCPS)
The National Cybersecurity Protection System (NCPS) is an integrated system for intrusion detection, analysis, intrusion prevention, and information sharing capabilities that are used to defend the federal civilian government’s information technology infrastructure from cyber threats. The NCPS includes the hardware, software, supporting processes, training, and services that are developed and acquired to support its mission. The Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), National Cyber Security Division (NCSD) is conducting this Privacy Impact Assessment (PIA) because personally identifiable information (PII) may be collected by the NCPS, or through submissions of known or suspected cyber threats received by the United States–Computer Emergency Readiness Team (US-CERT) for analysis. This PIA will serve as a replacement for previously published PIAs submitted by NSCD for the 24/7 Incident Handling Center (March 29, 2007), and the Malware Lab Network (May 4, 2010), and is a program-focused PIA to better characterize the efforts of NCPS and US-CERT.
-
DHS/CISA/PIA-029 Automated Indicator Sharing
The Department of Homeland Security (DHS) National Protection and Programs Directorate’s (NPPD) Office of Cybersecurity and Communications (CS&C) has developed an Automated Indicator Sharing (AIS) initiative to enable the timely exchange of cyber threat indicators and defensive measures among federal and non-federal entities. These cyber threat indicators and defensive measures are shared consistent with the need to protect information systems from cybersecurity threats, mitigate cybersecurity threats, and comply with any other applicable provisions of law authorized by the Cybersecurity Information Sharing Act of 2015 (CISA) in a manner that ensures appropriate incorporation of privacy, civil liberties, and other compliance protections. Central to the AIS initiative and consistent with the requirements of CISA, the DHS National Cybersecurity and Communications Integration Center (NCCIC) serves as the centralized hub for exchanging cybersecurity threat information using a DHS-accredited infrastructure. NPPD is conducting this Privacy Impact Assessment (PIA) because personally identifiable information (PII) may be submitted as part of or accompanying a cyber threat indicator or defensive measure. This PIA updates and retires DHS/NPPD/PIA-029 Automated Indicator Sharing PIA, issued October 28, 2015.