Cybersecurity is about Risk (Not Just Technology)

Brig. Gen. (ret) Greg Touhill Deputy Assistant Secretary

Office of Cybersecurity and CommunicationsU.S. Department of Homeland Security

Homeland Security

HomelandSecurity Office of Cybersecurity and Communications

Buying Down Risk Through Better Cybersecurity

80%Best

Practices 15%Info

Sharing 5%Planning

& Incident Response

*Rule of thumb

HomelandSecurity Office of Cybersecurity and Communications

Best Practices

Top 5 Defensive Strategies:1. Multifactor Identification2. Network Segmentation3. Control Privileged Access4. Whitelist Apps5. Guard your Back Door:

Contract with Security in Mind

80%Best

Practices

HomelandSecurity Office of Cybersecurity and Communications

Information Sharing Works!

• Cyber Information Sharing and Collaboration Program (CISCP)

• Enhanced Cybersecurity Services

• Critical Infrastructure Cyber Community (C³) Voluntary Program

• U.S. Computer Emergency Readiness Team (US-CERT)

15%Info

Sharing

HomelandSecurity Office of Cybersecurity and Communications

Incident Response

National Cybersecurity & Communications Integration Center (NCCIC)

• U.S. Computer Emergency Readiness Team (US-CERT)• Industrial Control Systems Cyber Emergency Response

Team (ICS-CERT)• National Coordinating Center for Communications (NCC)• Cyber Watch

5%Planning

& Incident Response

HomelandSecurity Office of Cybersecurity and Communications

6

Tackling the Cybersecurity Issue

• 124+ Federal Departments and Agencies• Disparate missions and customers

HomelandSecurity Office of Cybersecurity and Communications

7

Tackling the Cybersecurity Issue

State, Local, Tribal, Territorial Governments

• 80,000+ entities• Unique authorities and

budgets

HomelandSecurity Office of Cybersecurity and Communications

8

Cyber Strategy Elements

1. Guard the boundary EINSTEIN

2. Manage and patrol interior lines Continuous Diagnostics and Mitigation

3. Train the workforce National Initiative for Cybersecurity Education

4. Adapt, innovate, and integrate new technology and tactics, techniques, and procedures

HomelandSecurity Office of Cybersecurity and Communications

9

Healthcare & Public Health

Information Technology

Government Facilities

Chemical

Commercial Facilities

Communications

Critical Manufacturing

Dams

Nuclear Reactors, Materials & Waste

Transportation Systems

Water & Wastewater

Systems

Defense Industrial Base

Emergency Services

Energy

Financial Services

Food & Agriculture

Linking the Private Sector

HomelandSecurity Office of Cybersecurity and Communications

10

Privacy, Civil Rights, Civil Liberties

Protecting:• Citizens• Economy• Values

HomelandSecurity Office of Cybersecurity and Communications

11

Cybersecurity is a team effort

National Cybersecurity and Communications Integration Center

National Cyber Investigative Task Force

U.S. Cyber Command

Intelligence Community

Security Coordination

Center

Defense Cyber Crime Center

National Security Agency’s Central Security Service Threat Operation Center

HomelandSecurity Office of Cybersecurity and Communications

12

• A threat to one is a threat to all

• Share information Cyber Neighborhood Watch

• Bake security into new products, organizational ethos, and agendas

A Call to Action