The Strategy organizes itself around five pillars: Risk Identification, Vulnerability Reduction, Threat Reduction, Consequence Mitigation, Enable Cybersecurity Outcomes.
Within the pillars are seven “goals”: 1. Assess Evolving Cybersecurity Risks, 2. Protect Federal Government Information Systems, 3. Protect Critical Infrastructure, 4. Prevent and Disrupt Criminal Use of Cyberspace, 5. Respond Effectively to Cyber Incidents, 6. Strengthen the Security and Reliability of the Cyber Ecosystem, 7. Improve Management of DHS Cybersecurity Activities.
The Strategy notes that end-to-end encryption, anonymous networks, online marketplaces, and cryptocurrencies are among the cybersecurity issues where DHS needs to improve its performance.
If you’d like more information on the Strategy, and you don’t have time to review the full 35-page document linked above, try the Department’s fact sheet on the subject.
PUTTING IT INTO PRACTICE: While parts of the Strategy are focused only on governmental issues such as election security that have little immediate relevance for the average company, it signals that the Department is going to engage more on cybersecurity with private industry. Companies should look for opportunities to take advantage of the resources and assistance it will offer. Moreover, as the lead cybersecurity agency for the entire federal government, the general themes and approaches DHS takes toward cybersecurity can be instructive to anyone tracking where the government is headed on cybersecurity, or looking to improve their own program.
White House Eliminates Top Cybersecurity Position
Posted on May 18, 2018
On May 15, the White House announced that it was eliminating the position of Cybersecurity Coordinator at the National Security Council, the highest position at the White House devoted to cybersecurity. While not unexpected, this move is significant.
Symbolically, eliminating this senior position arguably sends a signal that this Administration is less focused on cybersecurity as a priority.
Functionally, it means there will be no single person in the White House accountable to the President and the National Security Advisor on cyber issues.
Administratively, and perhaps most significantly, the White House’s ability to coordinate cybersecurity among the agencies, arbitrate disputes, and set direction for policy initiatives government-wide will likely be degraded.
While the White House is explaining the move by saying it will streamline management, increase efficiency, reduce bureaucracy and raise accountability, in the short run at least it seems likely to sow some confusion and increase the criticism of federal cybersecurity policy that has already gone on for several years.
PUTTING IT INTO PRACTICE: Any hopes companies harbored for increased clarity and leadership from the Administration on cybersecurity seem to be fading. Companies will have to spend more time monitoring the cybersecurity initiatives and requirements of individual agencies, which will likely become less coordinated going forward.
                    Eye on Privacy 2018 Year in Review 32