If you work in IT for the Department of Homeland Security, the past couple of months have been pretty hectic. It has been full steam ahead on a number of important cybersecurity initiatives.
Due to the evolving nature of cyber threats, funding for DHS cybersecurity has increased despite the budgetary climate. President Obama’s fiscal 2015 budget request proposes $1.3 billion for cyber activities, up almost 40 percent from $792 million this year. A sizeable chunk of that funding is focused on the EINSTEIN3 Accelerated (E3A) program, designed to detect and prevent malicious traffic targeting civilian federal networks.
DHS is working aggressively with the National Institute of Standards and Technology (NIST) to implement the new cybersecurity framework for critical infrastructure providers. Unveiled in February, the framework was designed to improve risk management and flexibility in addressing cybersecurity. The framework consists of three main parts:
- Core – activities, outcomes and informative references that are common across critical infrastructure sectors, providing the detailed guidance for developing individual organizational profiles;
- Profile – designed to help organizations align their cybersecurity activities with their business requirements, risk tolerances and resources;
- Implementation Tiers – provides a way for organizations to view and understand the characteristics of their approach to managing cybersecurity risk.
Additionally, the agency is taking new steps to tackle the digitization of immigration papers. Doing so can improve security and reduce long wait times for legal immigrants. DHS awarded a new contract for the project that will employ agile development processes that incorporate constant feedback for more efficient coding.
Finally, remember Windows XP? No matter how long it’s been since you’ve used Microsoft’s 12- year-old operating system, there are still millions of computers running it inside government agencies. Microsoft is ending support and security updates for XP on April 8th.
Hackers are cleverly trying to exploit that timeline. Recently, there has been a spate of sophisticated phishing attacks against agencies posing as help desk inquiries from legitimate software and hardware companies. The objective is to get the user to download malware to supposedly “fix” his or her computer, or give the scammer remote access to their computer. DHS has been distributing a memo spreading awareness of this attack.
The “virtual” dangers facing our country are as serious today as threats in the physical world. And they are usually far less visible. DHS has ramped up its cybersecurity activities in 2014 on multiple fronts to help agencies and organizations keep up with evolving threats.
