2014 Digital Yearbook of Homeland Security Awards
fully so, countering biological threats remains a high priority at DHS. As our experiences in Afghanistan and Iraq have shown, man-portable improvised explosive devices (IEDs) and vehicle-borne IEDs are still a major concern, especially against soft targets.

Other threats such as chemical and radiological substance releases, and natural disasters from floods, hurricanes and earthquakes all still pose plausible and dire threats to the homeland. Unfortunately, it is likely that the nation’s preparedness will be tested again in the coming decade.

One area where DHS has taken on an increasingly larger role is in cybersecurity. Presidential Directives have mandated DHS to play the primary role in the civilian side of government for cybersecurity. A major reason for the new focus on cybersecurity has been the rapid changes in the information technology landscape. Since 2003, the capabilities and connectivity of cyber devices and communications have grown exponentially. Concurrently, so have the cyber intrusions and threats from malware and hackers. This has required restructuring of priorities and the cybersecurity missions at DHS. The cyber threat to the homeland reaches far beyond terrorists and includes various criminal enterprises and adversarial nation states.

What do government and industry perceive to be the main cybersecurity threats and required responses?

CB: Both government and industry have prioritized critical infrastructure as a focus of threat and hardened response. There is a growing understanding of the seriousness and sophistication of the cyber threats, especially denial of service. In terms of preparation, the financial and retail communities have been at the forefront of addressing these threats with significant investment in technologies and in training. However, 43% of companies had breaches last year (including companies such as Home Depot, JPMorgan, and Target) and the intrusion threats are not diminishing.

According to the think tank Center for Strategic and International Studies (CSIS), cyber-related crime now costs the global economy about $445 billion every year. These breaches demonstrate that there is a continued need for protocols and enhanced collaboration between government and industry.

Last year, The Council on CyberSecurity, an influential not-for-profit organization, formed a “20 Critical Security Controls list” with collaboration between the public and private sectors. The list provides an emerging working framework for protecting the critical infrastructure and provides a recommended set of actions for cyber defense that includes specific and actionable ways to stop today’s most pervasive attacks. I was honored to participate in that working group.

Indeed, cyber security controls are very important. In the U.S., most (approximately 85%) of the cybersecurity critical infrastructure including defense, oil and gas, electric power grids, healthcare, utilities, communications, transportation, banking, and finance is owned by the private sector and regulated by the public sector. DHS has recognized the importance for private sector input into cybersecurity requirements across these verticals and has played a major part in bringing government and industry together to develop a strategy to protect critical infrastructure.