Sign Up to receive Cyber Alerts by email.
| |
Policy
US-CERT policy encompasses both cyber security policies and strategic initiatives undertaken by the NCSD. This section contains policy information from a variety of sources as well as more information about strategic initiatives.
Cyber Security Policy
The National Strategy to Secure Cyberspace outlines an initial
framework for both organizing and prioritizing efforts to protect
against disruptions to our critical information systems and reduce
vulnerabilities to cyber threats. It provides direction to the departments and agencies in the federal government that have roles in
cyberspace security. It also identifies steps that state and local
governments, private companies and organizations, and individual
Americans can take to improve our collective cyber security. The
strategy emphasizes public-private partnerships and provides a
framework for contributions that all Americans can make to secure
cyberspace.
The Department of Homeland Security's National Cyber
Security Division (NCSD) has been charged with coordinating the implementation of the
strategy, and is partnering with private and public organizations to
develop long-term solutions to address the considerable challenges
inherent to securing cyberspace.
Read the entire text of the National Strategy to Secure Cyberspace.
HSPD-7 Critical Infrastructure Identification,
Prioritization, and Protection
Released on December 17, 2003,
Homeland Security Presidential Directive-7 (HSPD-7) establishes a
national policy for federal departments and agencies to identify and
prioritize United States critical infrastructure and key resources and
to protect them from terrorist attacks.
Designated by HSPD-7 as the sector lead for Information Technology
(IT), the Department of Homeland Security's National Cyber Security
Division (NCSD) is spearheading the development of an IT
sector-specific plan to identify critical assets, vulnerabilities, and
map interdependencies. Read HSPD-7 at http://www.whitehouse.gov/news/releases/2003/12/20031217-5.html for more information.
Legislative Testimony Protecting Our Nation's Cyber Space: Educational
Awareness for the Cyber Citizen Amit Yoran, Director of the
National Cyber Security Division of the Department of Homeland
Security Before the House Government Reform Committee and the
Subcommittee on Technology April 21, 2004
Homeland Cybersecurity and DHS Enterprise
Architecture Budget Hearing for Fiscal Year 2005
Robert P. Liscouski, Assistant Secretary of the Department of Homeland Security for Infrastructure Protection
Before the House Select Committee on Homeland Security U.S. house of Representatives and the Subcommitte on Cybersecurity, Science, and Research & Development
March 30, 2004
Virtual Threat, Real Terror: Cyberterrorism in the 21st Century
Amit Yoran, Director of the National Cyber Security Division of the Department of Homeland Security
Before the Senate Judiciary Committee and the Subcommittee on Terrorism, Technology, and Homeland Security
February 24, 2004
Statement of Robert Liscouski
Robert P. Liscouski, Assistant Secretary of the Department of Homeland Security for Infrastructure Protection
Before the House Select Committee on Homeland Security and the Subcommittee on Cybersecurity, science, and Research and Technology
Spetember 17, 2003
International
Because cyberspace is not
contained within a single country's borders, the battle for securing
cyberspace must be fought on all fronts by all nations. Our
interconnectedness to the world makes us dependent on and vulnerable
to outside products and influences. International collaboration and relationships are vital to defending against such threats.
The NCSD participates in several international arenas to build and
strengthen information sharing relationships and agreements. As the
operational arm of the NCSD, the US-CERT collaborates with
international partners to share critical cyber threat and
vulnerability information in order to provide warning of and
mitigate damage from cyber attacks.
Specifically, in coordination with the U.S. Department of State, the
NCSD is engaged with multilateral policy-making organizations to strengthen the
global culture of security. Those organizations include the United Nations, the Group of Eight (G8) Summit, the Asia-Pacific Economic Cooperation (APEC), the Organisation for Economic Co-operation and Development (OECD),
and the Organization of American States (OAS). The NCSD also participates in bilateral, international
cyber security cooperative efforts with the UK, Canada, Mexico,
Australia, Germany, and India. Further, the NCSD is promoting US-CERT
partnerships (including building Computer Security Incident Response
Team (CSIRT) capabilities globally).
Back to top
Strategic Initiatives
In carrying out the
recommendations outlined in the National Strategy to Secure Cyber
Space, the NCSD is focused on the following strategic initiatives.
Software Assurance
The NCSD is committed to implementing a plan that will make security a
central component of the process used to develop, test and deploy
software.
Through its Software Assurance initiative, the NCSD is exploring
software development life-cycle processes, procedures, and testing
tools, in collaboration with the public and private sectors to
mitigate risks and assure software integrity. In conjunction with public
and private sector partners, the NCSD is launching and implementing a
comprehensive plan to change the way software is developed, tested and
deployed so that security is central to the process. Among NCSD plans
are to develop best practices and guidelines for developers, examine
software testing methods, aid educational institutions in developing
curriculum, and consider development of a national software testing
lab.
Exercise Planning
The NCSD plans and coordinates cyber security exercises with internal
and external DHS stakeholders from both the public and private
sectors. As the focal point for the nation's cyber security
infrastructure, the NCSD both initiates and participates in exercises to develop and maintain expert knowledge of and proficiency
in the management, integration, and employment of cyber security
resources and best practices.
Training and Education
The goal of the
Training and Education initiative is to develop programs with training
and education institutions to increase adequately trained IT security
personnel. The NCSD is promoting the availability of qualified,
well-trained IT security professionals to both public and private
entities, and the establishment of standards for professionals serving
in defined capacities. As part of these efforts, the Department of
Homeland Security recently signed agreements to co-sponsor and partner
with the National Security Agency (NSA), National Centers of Academic
Excellence, and the National Science Foundation (NSF) Scholarship for
Service programs. More information on these programs is located in the Resources section of the US-CERT web site.
Research and Development, Standards and Best Practices
The NCSD is actively identifying key cyber security R&D; requirements
and standards issues, and collaborating with other DHS components, the
Office of Science and Technology Policy, other Federal agencies,
industry, academia, and U.S. and international standards organizations, as well
as assembling and distributing cyber prevention and response best
practices. The NCSD identifies needs in the research and development
arena for vital analysis tools to improve early warning of cyber
threats and standards for handling cyber security events. In
addition, the NCSD gathers and distributes guidance on the best
practices for handling an array of cyber security issues.
Back to top
|
|