The Department of Homeland Security’s compliance-based approach will shift to an individualized assessment of components’ threat posture, according to Danny Toler, acting assistant secretary for DHS’s Office of Cybersecurity and Communications.
Instead of relying on a “three-ring binder” approach, which standardizes cybersecurity requirements throughout an agency, Toler said DHS will appraise its entities’ cyber stances every couple of years. He said periodic check-ins will make the agency’s cyber posture more “threat-dynamic.” Toler spoke at the Akamai Government Forum on March 28.
“Any infrastructure can be compromised. How do we accept that fact and still protect data?” Toler said. “We’ll have to maintain both approaches concurrently until we migrate fully to one approach.”
The way DHS evaluates cybersecurity regulations is not the only shift Toler predicted for the agency. He said that DHS will shift from an infrastructure-centered approach to a data-centered approach for cybersecurity practices.
Many Federal agencies have adopted data analytics tools to interpret the reams of information they store. Toler stressed the importance of data analytics in combating cyber threats, and said DHS will only increase its data analytics use.
“We’ll continue to go down that path,” Toler said. “We’ll continue to improve the ability to look across the entire landscape.”
Phyllis Schneck, former deputy undersecretary for cybersecurity and communications at DHS, agreed with Toler, stating that analytics are “only as good as the data” an agency possesses. However, Schneck warned that protecting data has to be balanced against preserving people’s civil liberties.
“It takes data to protect data, but we have to make sure we’re not climbing over the way of life we are out to protect,” Schneck said.
In addition to addressing threats within the agency’s own infrastructure, DHS leads cybersecurity programs for external entities. Through its Continuous Diagnostics and Mitigation program, DHS evaluates the infrastructures of other entities and gives the entities tools and contract support. According to Toler, the purpose of the CDM program is to learn what actors are on someone else’s network, what those actors are doing, and how those networks are protected.
DHS also supplies ground-level services to state government agencies. Toler explained that DHS works with these agencies in the wake of cyber incidents to control the damage. These services often require partnerships with law enforcement agencies, such as the FBI, Toler said.
“DHS is the firefighter. We want to put it out and get you back in your house,” Toler said. “Our partners in law enforcement are arson investigators. They want to figure out who did it and bring those people to justice.”
Federal cybersecurity practices involve partnerships with private sector companies in addition to other government agencies, according to Schneck. Private sector companies, which often move faster than the Federal government, develop cybersecurity tools that agencies adopt.
Schneck, who has worked in both the Federal and private sector space, stated that agencies and companies need to communicate as often as hackers do in order to build cybersecurity tools.
“There is data unique to each side. The adversary has no problem sharing information. They work with an alacrity we’ll never see because we have a civil way of life,” Schneck said. “I’ve seen huge progress. Techies talk to techies. There’s nothing more important than partnerships between the government and the private sector.”