Client: Department of Homeland Security
Mission Area: Resiliency and Emergency Preparedness / Response
The Department of Homeland Security (DHS) has a central role to play in the cybersecurity of the United States. However, primary legal authorities supporting and governing this role appear to lack sufficient clarity. As a result, it remains difficult to judge their adequacy—and, more importantly, the fundamental nature and extent of the department’s role in securing U.S. cyberspace. Staff from the Homeland Security Studies and Analysis Institute (HSSAI) documented these issues through a study entitled, “An Analysis of the Primary Authorities Supporting and Governing the Efforts of the Department of Homeland Security to Secure the Cybersecurity of the United States.”
HSSAI research identified the primary authorities that support or govern DHS cybersecurity efforts; determined ambiguities, conflicts, and gaps that appear to exist in those authorities; and discussed implications of these gaps for the DHS mission. The study concluded that existing DHS-related authorities may not be fully sufficient for DHS to:
In testimony before the Senate Committee on Homeland Security and Governmental Affairs, DHS Secretary Janet Napolitano stated: “Cybersecurity is a shared responsibility … emerging cyber threats require the engagement of our entire society…. The success of our efforts to reduce cybersecurity risks depends on effective communication and partnerships among departments and agencies from all levels of government, the private sector, international agencies, and the American public.”* This research by HSSAI helps more clearly define the contours of those cybersecurity partnerships.
Cybersecurity risks have the potential to substantially jeopardize national security, public safety, and economic competitiveness. These risks derive from the cyber-reliance of critical infrastructure such as banking, communications, and energy transmission; the vulnerability of sensitive and proprietary information; and the capability and intent of malicious cyber actors, including “hactivists,” criminal groups, and well-resourced nation states. As the DHS cybersecurity role evolves in response to changing threats and emerging technologies, it will require the necessary authorities to secure civilian federal networks and support cybersecurity in critical infrastructure within the public and private sectors.