US Department of Homeland Security unveils new cyber security strategy

US unveils new government cyber security strategy just days after cyber 'czar' role is scrapped

The US Department of Homeland Security has drawn up a new cyber security strategy (PDF) outlining the ways in which it identifies and manages growing cyber security threats - a policy change that comes just days after the US government's cyber security 'czar' role was discontinued.

The document claims that the aim of the strategy is to "enable the harmonisation and prioritisation of DHS planning, programming, budgeting, and operational activities across all DHS cybersecurity mission areas".

Overall, the strategy discusses five 'pillars'. The first is risk identification, with the department recommending regular cyber security infrastructure assessments.

Second, the department will work to reduce vulnerabilities by ensuring that federal agencies are using the latest cyber security solutions.

The next pillar is threat reduction, which means the department constantly monitors for hackers and criminal organisations trying to penetrate government systems.

When an attack does happen, DHS cyber security specialists will attempt to minimise the damage caused and stop future attacks.

Homeland Security Secretary Kirstjen Nielsen said the strategy will enable the US to stay ahead of cyber criminals and state operatives.

"The cyber threat landscape is shifting in real-time, and we have reached a historic turning point," she said.

"Digital security is now converging with personal and physical security, and it is clear that our cyber adversaries can now threaten the very fabric of our republic itself.

"That is why DHS is rethinking its approach by adopting a more comprehensive cyber security strategy. In an age of brand-name breaches, we must think beyond the defence of specific assets—and confront systemic risks that affect everyone from tech giants to homeowners.

"Our strategy outlines how DHS will leverage its unique capabilities on the digital battlefield to defend American networks and get ahead of emerging cyber threats."

Andrew Lloyd, president of Corero Network Security, described it as a "well-considered" and "thorough" strategy.

"The DHS has defined a more comprehensive Critical Infrastructure (CI) definition than that adopted in the UK/EU within the NIS Directive," he said.

"With DDoS being the cyber-criminals' tool of choice against both CI and government, DHS will need to swiftly convert this strategy into action to protect against this threat.

"Ironically, onerous and restrictive Federal Government procurement policies may prove to be a significant barrier to DHS being able to select the most effective technologies to mitigate DDoS and other high-risk cyber-threats."