The Department of Homeland Security (DHS) has a central role to play in the cybersecurity of the United States. However, primary legal authorities supporting and governing this role appear to lack sufficient clarity. As a result, it remains difficult to judge their adequacy—and, more importantly, the fundamental nature and extent of the department’s role in securing U.S. cyberspace. Staff from the Homeland Security Studies and Analysis Institute (HSSAI) documented these issues through a study entitled, "An Analysis of the Primary Authorities Supporting and Governing the Efforts of the Department of Homeland Security to Secure the Cybersecurity of the United States."

HSSAI research identified the primary authorities that support or govern DHS cybersecurity efforts; determined ambiguities, conflicts, and gaps that appear to exist in those authorities; and discussed implications of these gaps for the DHS mission. The study concluded that existing DHS-related authorities may not be fully sufficient for DHS to:

• Require or incentivize the protection of critical systems and information
• Gather (i.e., collect) information to be shared
• Define clearly when DHS may intervene during a cyber-incident
• Support actions necessary to manage and coordinate cyber incident response, including for the most serious of incidents
• Delineate the responsibilities of DHS and the Department of Defense for the most serious of incidents

In testimony before the Senate Committee on Homeland Security and Governmental Affairs, DHS Secretary Janet Napolitano stated: “Cybersecurity is a shared responsibility … emerging cyber threats require the engagement of our entire society…. The success of our efforts to reduce cybersecurity risks depends on effective communication and partnerships among departments and agencies from all levels of government, the private sector, international agencies, and the American public.”* This research by HSSAI helps more clearly define the contours of those cybersecurity partnerships.

Cyberspace, DHS, and HSSAI

Cybersecurity risks have the potential to substantially jeopardize national security, public safety, and economic competitiveness. These risks derive from the cyber-reliance of critical infrastructure such as banking, communications, and energy transmission; the vulnerability of sensitive and proprietary information; and the capability and intent of malicious cyber actors, including “hactivists,” criminal groups, and well-resourced nation states. As the DHS cybersecurity role evolves in response to changing threats and emerging technologies, it will require the necessary authorities to secure civilian federal networks and support cybersecurity in critical infrastructure within the public and private sectors.

*DHS Secretary Napolitano's Senate Testimony