On Dec. 15th, 2011, William Jackson wrote for Government Computer News on a new cybersecurity strategy released by the DHS. The DHS cybersecurity strategy focuses on protecting critical infrastructure and would fit seamlessly with proposed legislation that promotes information sharing between the private sector and the US government. There are a few cybersecurity bills floating around right now. The Rogers-Ruppersberger bill would focus cybersecurity responsibility with the NSA, while the PrECISE Act would focus responsibility with DHS.
According to the article, the DHS strategy has the usual mix of broad goals, including "reducing exposure to cyber risk" and "increasing resilience."
However, the strategy does contain some concrete aims. Specifically, the strategy calls for DHS to measure critical infrastructure protection by using outcome-based metrics that "demonstrate that owners and operators appropriately manage risks and the infrastructure is able to maintain adequate security . . . in the face of the most consequential hazards." The article listed some of those metrics:
- Whether information and communication technology risk is well defined, understood and managed by users.
- Whether the identities of individuals, organizations, networks, services, and devices are appropriately validated.
- Whether organizations and individuals routinely apply security and privacy standards and best practices.
- Whether interoperable security capabilities are built into information and communication technologies.
- Whether, where appropriate, near real-time, machine-to-machine coordination provides indication, warning, and automated incident response.
The GCN source article can be found here.
The DHS cybersecurity strategy can be found here.
Leave a Reply