AT THE RECENT 2014 Aspen Ideas Festival, former 9/11 Commission Chairman and Governor of New Jersey, Tom Kean, noted that cybersecurity has exponentially grown as a threat since the original 9/11 Commission Report was issued.
The Governor is right: much has changed in the last decade. While dire terrorism threats remain, cyberterrorism and cybercrime have risen to become persistent, sophisticated, and dangerous threats to security and commerce.
The new reality is that almost all of our critical infrastructures operate in a digital environment, including the health care, transportation, communications, financial, and energy industries. While the information technology landscape has greatly evolved, so have the vulnerabilities. Ten years after 9/11 we are all reliant on the Internet’s connectivity for vital human services in almost every aspect of our daily lives.
In addition to its primary role in combating terrorism, the Department of Homeland Security (DHS) has assumed the lead civilian agency role in government for addressing cybersecurity. The agency's role has evolved in step with the growing and complex threat, especially to critical infrastructure.
Developments in the last few years have shaped DHS's policy role. In July of 2010, the Office of Management and Budget (OMB) assigned DHS the primary responsibilities of overseeing the federal-wide information security program and evaluating its compliance with the Federal Information Security Management Act (FISMA) of 2002. As a result, DHS became responsible for overseeing the protection of the .gov domain and also for detecting and responding to malicious activities and potential threats. DHS was also charged with annually reviewing the cybersecurity programs of all federal departments and agencies.
In October of 2012, President Obama issued an Executive Order further delineating DHS's increased cybersecurity role in developing standards and enhancing information sharing with critical infrastructure owners and operators. The Executive Order was aimed at identifying vulnerabilities, ensuring security, and integrating resilience in the public/private cyber ecosystem, and had three major areas of focus: 1) Increase information sharing with the private sector, including classified cyber threat data; 2) Create a voluntary framework based on industry best practices to improve the cybersecurity of critical infrastructure providers; and 3) Protect privacy and civil liberties throughout the information sharing and the framework. DHS created eight working groups to implement the Executive Order.