National Strategy to Secure Cyber Space
The National Strategy to Secure Cyberspace outlines an initial
framework for both organizing and prioritizing efforts to protect
against disruptions to our critical information systems and reduce
vulnerabilities to cyber threats. It provides direction to the departments and agencies in the federal government that have roles in
cyberspace security. It also identifies steps that state and local
governments, private companies and organizations, and individual
Americans can take to improve our collective cyber security. The
strategy emphasizes public-private partnerships and provides a
framework for contributions that all Americans can make to secure
cyberspace.
The Department of Homeland Security's National Cyber
Security Division (NCSD) has been charged with coordinating the implementation of the
strategy, and is partnering with private and public organizations to
develop long-term solutions to address the considerable challenges
inherent to securing cyberspace.
Read the entire text of the National Strategy to Secure Cyberspace .
HSPD-7 Critical Infrastructure Identification,
Prioritization, and Protection
Released on December 17, 2003,
Homeland Security Presidential Directive-7 (HSPD-7) establishes a
national policy for federal departments and agencies to identify and
prioritize United States critical infrastructure and key resources and
to protect them from terrorist attacks.
Designated by HSPD-7 as the sector lead for Information Technology
(IT), the Department of Homeland Security's National Cyber Security
Division (NCSD) is spearheading the development of an IT
sector-specific plan to identify critical assets, vulnerabilities, and
map interdependencies. Read HSPD-7 at http://www.whitehouse.gov/news/releases/2003/12/20031217-5.html for more information.
Legislative Testimony
Locking Your Cyber Front DoorThe Challenges Facing Home Users and Small Businesses
Amit Yoran, Director of the
National Cyber Security Division, Office of Infrastructure Protection of the U.S. Department of Homeland
Security
Before the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census Committee on Government Reform
June 16, 2004
Information SecurityVulnerability Management Strategies and Technology
Amit Yoran, Director of the
National Cyber Security Division, Office of Infrastructure Protection of the U.S. Department of Homeland
Security
Before the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census Committee on Government Reform
June 2, 2004
Protecting Our Nation's Cyber Space: Educational
Awareness for the Cyber Citizen
Amit Yoran, Director of the
National Cyber Security Division of the Department of Homeland
Security
Before the House Government Reform Committee and the
Subcommittee on Technology
April 21, 2004
Homeland Cybersecurity and DHS Enterprise
Architecture Budget Hearing for Fiscal Year 2005
Robert P. Liscouski, Assistant Secretary of the Department of Homeland Security for Infrastructure Protection
Before the House Select Committee on Homeland Security U.S. house of Representatives and the Subcommitte on Cybersecurity, Science, and Research & Development
March 30, 2004
Virtual Threat, Real Terror: Cyberterrorism in the 21st Century
Amit Yoran, Director of the National Cyber Security Division of the Department of Homeland Security
Before the Senate Judiciary Committee and the Subcommittee on Terrorism, Technology, and Homeland Security
February 24, 2004
Statement of Robert Liscouski
Robert P. Liscouski, Assistant Secretary of the Department of Homeland Security for Infrastructure Protection
Before the House Select Committee on Homeland Security and the Subcommittee on Cybersecurity, science, and Research and Technology
Spetember 17, 2003
International
Because cyberspace is not
contained within a single country's borders, the battle for securing
cyberspace must be fought on all fronts by all nations. Our
interconnectedness to the world makes us dependent on and vulnerable
to outside products and influences. International collaboration and relationships are vital to defending against such threats.
The NCSD participates in several international arenas to build and
strengthen information sharing relationships and agreements. As the
operational arm of the NCSD, US-CERT collaborates with
international partners to share critical cyber threat and
vulnerability information in order to provide warning of and
mitigate damage from cyber attacks.
Specifically, in coordination with the U.S. Department of State, the
NCSD is engaged with multilateral policy-making organizations to strengthen the
global culture of security. Those organizations include the United Nations, the Group of Eight (G8) Summit, the Asia-Pacific Economic Cooperation (APEC), the Organisation for Economic Co-operation and Development (OECD),
and the Organization of American States (OAS). The NCSD also participates in bilateral, international
cyber security cooperative efforts with the UK, Canada, Mexico,
Australia, Germany, and India. Further, the NCSD is promoting US-CERT
partnerships (including building Computer Security Incident Response
Team (CSIRT) capabilities globally).
Software Assurance
The NCSD is committed to implementing a plan that will make security a
central component of the process used to develop, test and deploy
software.
Through its Software Assurance initiative and in collaboration with the public and private sectors, the NCSD explores
software development life-cycle processes, procedures, and testing
tools to
mitigate risks and assure software integrity. Programs focus on developing best practices and guidelines for developers, examining
software testing methods, aiding educational institutions in developing
curriculum, and investigating the development of a national software testing
lab.
Exercise Planning
The NCSD includes public and private stakeholders when planning and coordinating cyber security exercises. Exercises focus on developing and maintaining expert knowledge of and proficiency
in the management, integration, and employment of cyber security
resources and best practices.
Training and Education
The NCSD works with qualified Training and Education organizations to increase the ranks of America's qualified cyber secuirty workforce. The NCSD is working to establish education and trailing standards for professionals serving in cyber security capacities. As part of these efforts, the Department of
Homeland Security recently signed agreements to co-sponsor and partner
with the National Security Agency (NSA), National Centers of Excellence in Information Assurance Education (NCEIAE), and the National Science Foundation (NSF) Scholarship for
Service programs. More information on these programs is located in the Resources section of the US-CERT web site.
Research and Development, Standards and Best Practices
The NCSD works to identify key cyber security R&D; requirements and standards issues, and to assemble and distribute cyber prevention and response best practices. The NCSD works actively with other DHS componenets, the Office of Science and Technology Policy, other federal agencies, industry, academia, and U.S. and international standards organizations in this area.