Presidential Policy Directive 8: National Preparedness (PPD-8) describes the Nation’s approach to preparing for the threats and hazards that pose the greatest risk to the security of the United States.
The Directive requires a National Preparedness Report (NPR), an annual report summarizing the progress made toward building, sustaining, and delivering the 31 core capabilities described in the National Preparedness Goal.
Cybersecurity Key Finding: Cyber attacks have increased significantly in number and sophistication in recent years, resulting in the Federal Government and private sector partners expanding their cybersecurity efforts.
The U.S. Computer Emergency Readiness Team (US-CERT) reported an increase of more than 650 percent in the number of cyber incidents reported by federal agencies over a five-year period, from 5,503 in FY 2006 to 41,776 in FY 2010.
Almost two-thirds of U.S. firms report that they have been the victim of cybersecurity incidents or information breaches. Moreover, this serious problem may be subject to underreporting: only 50 percent of owners and operators at high-priority facilities participating in the ECIP security survey said that they report cyber incidents to external parties.
DHS’s Strategic National Risk Assessment notes that cyber attacks can have catastrophic consequences and trigger cascading effects across critical infrastructure sectors.
To counter these and related threats, federal and private sector partners have accelerated initiatives to enhance data collection, detect events, raise awareness, and respond to cyber incidents. In fact, most infrastructure protection stakeholders now identify cybersecurity as a priority issue for their programs.
At least 10 different critical infrastructure sectors have established joint public-private working groups through the SCCs and GCCs focused on cyber issues. In FY 2011, facility owners and operators from all 18 critical infrastructure sectors conducted assessments using the DHS Cyber Security Evaluation Tool.
This free software helps users assess their systems and networks through a series of guided questions. In addition, DHS and DOD are jointly undertaking a proof-of-concept called the Joint Cybersecurity Services Pilot.
The purpose of this pilot program is to enhance the cybersecurity of participating Defense Industrial Base (DIB) critical infrastructure entities and to protect sensitive DOD information and DIB intellectual property that directly supports DOD missions or the development of DOD capabilities from unauthorized access, exfiltration, and exploitation.
By the end of FY 2011, the National Cybersecurity Protection System was monitoring cyber intrusions with advanced technology for 37 of 116 federal agencies (32 percent), exceeding the proposed target of 28 percent. DHS’s National Cyber Security Division (NCSD) and Science and Technology Directorate also contribute to the development of international cybersecurity standards by participating in standards bodies such as the International Telecommunication Union, the International Organization for Standardization, and the Internet Engineering Task Force.
DHS operates the National Cybersecurity and Communications Integration Center, a 24-hour center responsible for coordinating cyber and communications warning information across federal, state, and local governments, intelligence and law enforcement communities, and the private sector.
DHS has also established the Cybersecurity Information Sharing and Collaboration Program (CISCP), a systematic approach to cyber information sharing and cooperation with critical infrastructure owners and operators. The program incorporates government participants, Information Sharing and Analysis Centers (ISACs), and other critical infrastructure owners and operators, and facilitates the fusion of data through collaboration among CISCP entities to develop and share cross-sector information products through a secure portal.
In addition, the National Cyber Investigative Joint Task Force (NCIJTF) facilitates federal interagency collaboration and serves as a central point of entry for coordinating, integrating, and sharing pertinent information related to cyber-threat investigations. The FBI oversees the NCIJTF, which includes representation from 18 partner agencies from the intelligence and law enforcement communities.
The FBI also runs 65 cyber task forces across the country that integrate federal, state, and local assets. At the state, local, tribal, and territorial levels, the Multi-State Information Sharing and Analysis Center is a cybersecurity focal point, including a cybersecurity operations center that provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation, and incident response.
The Secret Service has successfully dismantled some of the largest known cybercriminal organizations by working through the agency’s established network of 31 Electronic Crimes Task Forces (ECTFs). With the recent addition of two international ECTFs in Rome, Italy, and London, England, local law enforcement can leverage ECTF participation in Europe, a hub of cybercriminal activity.
Despite progress achieved through these efforts, the SPR survey shows that cyber capabilities are lagging at the state level. Results indicated that Cybersecurity was the single core capability where states had made the least amount of overall progress, with an average capability level of 42 percent. In addition, DHS’s 2011 Nationwide Cybersecurity Review highlighted gaps in cyber-related preparedness among 162 state and local entities.
For example, though 81 percent of respondents had adopted cybersecurity control frameworks and/or methodologies, 45 percent stated they had not implemented a formal risk management program. Moreover, approximately two-thirds of respondents had not updated information security or disaster recovery plans in at least two years. The challenges identified in these reviews likely apply across sectors.
The full National Preparedness Report can be downloaded here: