U.S. Department of Homeland Security
Office of Cybersecurity & Communications
Council of State Governments Cybersecurity Session
November 3, 2017
Cybersecurity & Communications (CS&C)
CS&C's Mission: ensure the security, resiliency, and reliability of the Nation's cyber and communications infrastructure.
CS&C works to prevent or minimize disruptions to our critical information infrastructure in order to protect the public, the economy, government services, and the overall security of the United States.
Prepare for, protect against, and respond to incidents that could degrade or overwhelm the networks, systems, and assets that make up our Nation's information technology, cyber, and communications infrastructure.
Protect Federal Civilian networks (.gov, .com).
Host and conduct exercises to prepare Federal, state, local, and private sectors for cyber attack.
Stakeholder Engagement & Cyber Infrastructure Resilience (SECIR)
The SECIR division serves as the Department's primary coordination point for cybersecurity stakeholder engagement and national security and emergency preparedness communications activities. SECIR also leads a number of key cybersecurity and communications resilience programs. Each of the divisions within CS&C relies upon SECIR to streamline coordination and engagement with government and industry partners, while SECIR leverages the capabilities and subject matter experts across CS&C to meet stakeholder needs.
National Cybersecurity & Communications Integration Center (NCCIC)
The NCCIC is a 24x7 cyber situational awareness, incident response, and management center that is a national nexus of cyber and communications integration for Federal civilian agencies, the intelligence community, law enforcement, State and local government, and the private sector.
UNCLASSIFIED 5
Office of Emergency Communications (OEC)
OEC supports and promotes communications used by emergency responders and government officials to keep America safe, secure, and resilient.
Leads the Nation's operable and interoperable public safety and national security and emergency preparedness communications efforts.
Provides training, coordination, tools, and guidance to help its federal, state, local, tribal, territorial and industry partners develop their emergency communications capabilities.
OEC's programs and services coordinate emergency communications planning, preparation and evaluation, to ensure safer, better-prepared communities nationwide.
Deloitte-NASCIO Cybersecurity Study (2016 / 2014)

Frequency of cybersecurity discussion with executive leadership
Monthly: 45% / 30%
Quarterly: 16% / 18%
Annually: 6% / 8%

Frequency of cybersecurity reporting to the governor
Monthly: 29% / 17%
Quarterly: 2% / 4%
Annually: 12% / 15%
Ad hoc: 39% / 40%

Frequency of cybersecurity reporting to the state legislature
Monthly: 4% / 0%
Quarterly: 6% / 0%
Annually: 29% / 28%
Ad hoc: 35% / 40%

Top 5 barriers in addressing cybersecurity challenges
Lack of sufficient funding: 80% / 75.5%
Inadequate availability of cybersecurity professionals: 51% / 59.2%
Lack of documented processes: 45% / 32.7%
Increasing sophistication of threats: 45% / 61.2%
Lack of visibility and influence within the enterprise: 33% / 49.0%

Top human resource factors that negatively impact CISO's ability to develop, support and maintain cybersecurity workforce
State's salary rates and pay grade structure: 96% / 89.9%
Lack of qualified candidates due to federal agencies/private sector demand: 59% / *
Workforce leaving for private sector: 47% / 71.4%
Intrastate attrition for higher salary positions: * / 32.7%
Lengthy hiring process: * / 53.1%
Lack of defined career path and opportunities: * / 67.3%
National Preparedness Report (2015 / 2012)

Addressing cybersecurity capability gaps perceived as entirely or mostly a state responsibility: 70% / 49%
Percent of 53 states and territories surveyed by NEMA indicating need for continued Federal support to augment cybersecurity efforts: 100% / *
o Percent identifying financial assistance as among federal resources needed: 60%
o Percent identifying training opportunities as among federal resources needed: 94%
o Percent identifying technical assistance as among federal resources needed: 91%
o Percent identifying support for sharing best practices between states as among federal resources needed: 85%

MS-ISAC Nationwide Cyber Security Review

Top security concerns
Lack of security program funding (State and local)
Increasing sophistication of threats (State and local)
Lack of documented processes (local)
Lack of a cybersecurity strategy (local)
Lack of available security professionals (tribal, but emerging across SLTT)