Department of Homeland Security: Cybersecurity priorities for 2015



By Irma Romero

The American Bar Association Standing Committee on Law and National Security hosted a discussion Feb. 20 on cybersecurity and the law at a breakfast meeting, held at the University Club in Washington, D.C. Speakers were Daniel Sutherland, associate general counsel for the National Protection and Programs Directorate (NPPD), and Andy Ozment, assistant secretary of Cybersecurity and Communications for the NPPD. The discussion was filmed by C-SPAN and can be found at this link.

Sutherland said that five recent pieces of legislation, executive orders and legislative proposals provide DHS with new authorities in the cybersecurity arena. Ozment explained that for a long time, cybersecurity at DHS was in “start-up mode,” but that the agency has now come into its own.

“We have such a level of capability now that we have extraordinary demand from our customers,” he said, adding that NPPD “customers” are:

  • Federal-civilian government agencies
  • State, local, tribal and territorial governments
  • Private sector

“We used to have to go out and really sell people on what we could do for them, and now they’re beating down the door,” Ozment said.

Sutherland said that there are three areas where DHS makes a unique contribution:

  • By embedding privacy and civil liberties into all its programs
  • By building expertise in public-private partnerships
  • By providing a civilian, non-law enforcement interface with the private sector and the public

Ozment said that when a customer brings him in to help after a cyberattack, “they know that by bringing me on-site, my only motivation is to help get the bad guys off their networks and get the company back on (its) feet again.”

Sutherland and Ozment then outlined the five recent pieces of legislation, executive orders and legislative proposals that provide DHS with new authorities in the cybersecurity arena.

  1. In December, President Obama signed the National Cybersecurity Protection Act of 2014, which establishes in law the National Cybersecurity and Communications Integration Center (NCCIC) and codifies it as a central player in the federal government’s information sharing about cybersecurity risks with the private sector, and as an entity that provides cybersecurity technical assistance and incident response capabilities to the private sector. Ozment said that the most effective ways to protect a company from cyberattacks are implementing best practices, information sharing and fast response.
  2. FISMA, or the Federal Information Security Modernization Act of 2014, grounds in statute DHS’ role to administer the implementation of cybersecurity policies and practices within the federal civilian executive branch. Ozment said FISMA lays the groundwork for how the government manages its IT risk. It establishes and clarifies DHS’ role as the government-wide measurer and motivator of cybersecurity for departments and agencies, and it establishes the practice of using computers to monitor computers.
  3. The Border Patrol Agent Pay Reform Act of 2014 will help develop the cyber workforce by setting salary standards.
  4. President Obama signed an executive order that encourages information sharing between the private sector and the government. It builds on the foundation of the NCCIC legislation by encouraging the development of strong public-private associations called Information Sharing Analysis Organizations, or ISAOs.
  5. President Obama’s information sharing legislation proposal was sent to Congress in January. It encourages the private sector to share appropriate cyber threat indicator information with the NCCIC by providing targeted liability protection for companies that share that information with the NCCIC.