US-CERT: Policy

Home | FAQ | Contact | Privacy Policy | Unsubscribe from Alerts

Sign Up to receive Cyber Alerts by email.

Policy

US-CERT policy encompasses both cyber security policies and strategic initiatives undertaken by the NCSD. This section contains policy information from a variety of sources as well as more information about strategic initiatives.

Cyber Security Policy

National Strategy to Secure Cyber Space
The National Strategy to Secure Cyberspace outlines an initial framework for both organizing and prioritizing efforts to protect against disruptions to our critical information systems and reduce vulnerabilities to cyber threats. It provides direction to the departments and agencies in the federal government that have roles in cyberspace security. It also identifies steps that state and local governments, private companies and organizations, and individual Americans can take to improve our collective cyber security. The strategy emphasizes public-private partnerships and provides a framework for contributions that all Americans can make to secure cyberspace.
The Department of Homeland Security's National Cyber Security Division (NCSD) has been charged with coordinating the implementation of the strategy, and is partnering with private and public organizations to develop long-term solutions to address the considerable challenges inherent to securing cyberspace.
Read the entire text of the National Strategy to Secure Cyberspace .

HSPD-7 Critical Infrastructure Identification, Prioritization, and Protection
Released on December 17, 2003, Homeland Security Presidential Directive-7 (HSPD-7) establishes a national policy for federal departments and agencies to identify and prioritize United States critical infrastructure and key resources and to protect them from terrorist attacks.
Designated by HSPD-7 as the sector lead for Information Technology (IT), the Department of Homeland Security's National Cyber Security Division (NCSD) is spearheading the development of an IT sector-specific plan to identify critical assets, vulnerabilities, and map interdependencies. Read HSPD-7 at http://www.whitehouse.gov/news/releases/2003/12/20031217-5.html for more information.

Legislative Testimony
Locking Your Cyber Front Door—The Challenges Facing Home Users and Small Businesses
Amit Yoran, Director of the National Cyber Security Division, Office of Infrastructure Protection of the U.S. Department of Homeland Security
Before the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census Committee on Government Reform
June 16, 2004
Information Security—Vulnerability Management Strategies and Technology
Amit Yoran, Director of the National Cyber Security Division, Office of Infrastructure Protection of the U.S. Department of Homeland Security
Before the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census Committee on Government Reform
June 2, 2004
Protecting Our Nation's Cyber Space: Educational Awareness for the Cyber Citizen
Amit Yoran, Director of the National Cyber Security Division of the Department of Homeland Security
Before the House Government Reform Committee and the Subcommittee on Technology
April 21, 2004
Homeland Cybersecurity and DHS Enterprise Architecture Budget Hearing for Fiscal Year 2005
Robert P. Liscouski, Assistant Secretary of the Department of Homeland Security for Infrastructure Protection
Before the House Select Committee on Homeland Security U.S. house of Representatives and the Subcommitte on Cybersecurity, Science, and Research & Development
March 30, 2004
Virtual Threat, Real Terror: Cyberterrorism in the 21st Century
Amit Yoran, Director of the National Cyber Security Division of the Department of Homeland Security
Before the Senate Judiciary Committee and the Subcommittee on Terrorism, Technology, and Homeland Security
February 24, 2004
Statement of Robert Liscouski
Robert P. Liscouski, Assistant Secretary of the Department of Homeland Security for Infrastructure Protection
Before the House Select Committee on Homeland Security and the Subcommittee on Cybersecurity, science, and Research and Technology
Spetember 17, 2003

International
Because cyberspace is not contained within a single country's borders, the battle for securing cyberspace must be fought on all fronts by all nations. Our interconnectedness to the world makes us dependent on and vulnerable to outside products and influences. International collaboration and relationships are vital to defending against such threats.
The NCSD participates in several international arenas to build and strengthen information sharing relationships and agreements. As the operational arm of the NCSD, US-CERT collaborates with international partners to share critical cyber threat and vulnerability information in order to provide warning of and mitigate damage from cyber attacks.
Specifically, in coordination with the U.S. Department of State, the NCSD is engaged with multilateral policy-making organizations to strengthen the global culture of security. Those organizations include the United Nations, the Group of Eight (G8) Summit, the Asia-Pacific Economic Cooperation (APEC), the Organisation for Economic Co-operation and Development (OECD), and the Organization of American States (OAS). The NCSD also participates in bilateral, international cyber security cooperative efforts with the UK, Canada, Mexico, Australia, Germany, and India. Further, the NCSD is promoting US-CERT partnerships (including building Computer Security Incident Response Team (CSIRT) capabilities globally).

Strategic Initiatives

In carrying out the recommendations outlined in the National Strategy to Secure Cyber Space, the NCSD is focused on the following strategic initiatives.

Software Assurance
The NCSD is committed to implementing a plan that will make security a central component of the process used to develop, test and deploy software.
Through its Software Assurance initiative and in collaboration with the public and private sectors, the NCSD explores software development life-cycle processes, procedures, and testing tools to mitigate risks and assure software integrity. Programs focus on developing best practices and guidelines for developers, examining software testing methods, aiding educational institutions in developing curriculum, and investigating the development of a national software testing lab.

Exercise Planning
The NCSD includes public and private stakeholders when planning and coordinating cyber security exercises. Exercises focus on developing and maintaining expert knowledge of and proficiency in the management, integration, and employment of cyber security resources and best practices.

Training and Education
The NCSD works with qualified Training and Education organizations to increase the ranks of America's qualified cyber secuirty workforce. The NCSD is working to establish education and trailing standards for professionals serving in cyber security capacities. As part of these efforts, the Department of Homeland Security recently signed agreements to co-sponsor and partner with the National Security Agency (NSA), National Centers of Excellence in Information Assurance Education (NCEIAE), and the National Science Foundation (NSF) Scholarship for Service programs. More information on these programs is located in the Resources section of the US-CERT web site.

Research and Development, Standards and Best Practices
The NCSD works to identify key cyber security R&D; requirements and standards issues, and to assemble and distribute cyber prevention and response best practices. The NCSD works actively with other DHS componenets, the Office of Science and Technology Policy, other federal agencies, industry, academia, and U.S. and international standards organizations in this area.