Abstract:
The Department of Homeland Security (DHS) has a central role to play in the cybersecurity of the United States. However, authorities governing and supporting this central role appear to lack sufficient clarity. As a result, it remains difficult to judge their adequacy — and, more importantly, the fundamental nature and extent of the department’s role in securing U.S. cyberspace. In an attempt to provide clarity to the national cybersecurity community, staff from the Homeland Security Studies and Analysis Institute conducted research to determine: what are the primary authorities supporting/governing DHS efforts to secure U.S. cyberspace (and what do the authorities say); and what ambiguities, conflicts, and gaps appear to exist in these authorities (and what are their implications for the DHS mission). This paper presents the findings of the research. It is designed to serve as a foundational document for use by DHS and its partners in the U.S. government (USG) and broader homeland security enterprise. Overall, the research suggests that existing DHS-related authorities may not be fully sufficient for DHS to: require or incentivize the protection of critical systems and information; gather (i.e., collect) information to be shared; define clearly when DHS may intervene during a cyber incident; support actions necessary to manage and coordinate cyber incident response, including for the most serious of incidents; and delineate the responsibilities of DHS and DoD for the most serious of incidents.
Download this paper:
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2182675
The Department of Homeland Security (DHS) has a central role to play in the cybersecurity of the United States. However, authorities governing and supporting this central role appear to lack sufficient clarity. As a result, it remains difficult to judge their adequacy — and, more importantly, the fundamental nature and extent of the department’s role in securing U.S. cyberspace. In an attempt to provide clarity to the national cybersecurity community, staff from the Homeland Security Studies and Analysis Institute conducted research to determine: what are the primary authorities supporting/governing DHS efforts to secure U.S. cyberspace (and what do the authorities say); and what ambiguities, conflicts, and gaps appear to exist in these authorities (and what are their implications for the DHS mission). This paper presents the findings of the research. It is designed to serve as a foundational document for use by DHS and its partners in the U.S. government (USG) and broader homeland security enterprise. Overall, the research suggests that existing DHS-related authorities may not be fully sufficient for DHS to: require or incentivize the protection of critical systems and information; gather (i.e., collect) information to be shared; define clearly when DHS may intervene during a cyber incident; support actions necessary to manage and coordinate cyber incident response, including for the most serious of incidents; and delineate the responsibilities of DHS and DoD for the most serious of incidents.
Download this paper:
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2182675