Cybersecurity: Federal Agency Roles


February 13, 2017


The federal role in cybersecurity involves both securing
federal information systems and assisting in protecting
nonfederal systems. All federal agencies are responsible for
protecting their own systems, and many have sector-
specific responsibilities for critical infrastructure (CI). A
simplified overview of major roles is presented in Figure 1
and the text below. Because of factors such as the
continuing evolution of both cyberspace and agency roles,
the distribution of responsibilities is more complex and
ambiguous than what is presented here, with a number of
unresolved issues.

Figure 1. Federal Agency Roles in Cybersecurity

[Figure not reproduced in this text; the agency roles it depicts are described in the sections below.]

Source: CRS.
Note: See text for abbreviations.

All agencies. Under the Federal Information Security
Modernization Act (FISMA, 44 U.S.C. 3551 ff), each
agency head must provide through the agency Chief
Information Officer (CIO) for the protection of agency
information systems in accordance with federal
requirements, including establishment of an agency
information security program.

OMB-Office of Management and Budget. In addition to its
budgetary role, this White House office is responsible for
approving and enforcing information security requirements
under FISMA for federal systems, with two exceptions.
National security systems (NSS) fall under the interagency
Committee on National Security Systems. FISMA also
delegates to the Secretary of Defense and the Director of
National Intelligence, respectively, responsibility for
systems in the Department of Defense (DOD) and the
Intelligence Community (IC) agencies that are designated
as crucial to their missions.

NIST-National Institute of Standards and Technology.
This bureau of the Department of Commerce develops
standards and guidance for federal systems that become
mandatory under FISMA once approved by OMB (40
U.S.C. 11331). It also performs research relating to
cybersecurity, develops voluntary guidance, works with
government and private-sector entities to develop
cybersecurity best practices, and coordinates interagency
efforts in cybersecurity education, training, and workforce
development through the National Initiative for
Cybersecurity Education (NICE). The agency also
coordinated the public/private development of a framework
for CI cybersecurity, released in 2014.


DHS-Department of Homeland Security. FISMA gives
DHS primary responsibility for coordinating the operational
security of nonexcepted federal systems, including the
issuing of binding operational directives for implementing
FISMA requirements and of emergency directives in
response to substantial threats. The Cybersecurity Act of
2015 (CSA, P.L. 114-113, div. N) also authorized, and
requires agencies to use, a DHS intrusion prevention and
detection program for federal civilian systems,
implemented as the National Cybersecurity Protection
System (NCPS) and its EINSTEIN component. The DHS
Continuous Diagnostics and Mitigation (CDM) program
provides tools and services to identify and mitigate
vulnerabilities on agency networks.


In addition, DHS oversees federal efforts to coordinate and
improve the protection of U.S. CI, most of which is
controlled by the private sector. The National Cybersecurity
Protection Act of 2014 (P.L. 113-282) authorized the
National Cybersecurity and Communications Integration
Center (NCCIC), established administratively in 2009, to
provide and facilitate information sharing and incident
response among public and private-sector CI entities. The
CSA established a process to facilitate public- and private-
sector sharing of information on cyberthreats and defensive
measures through the NCCIC and other means, and it
permits private-sector entities to monitor and operate
defenses on their information systems.

DOJ-Department of Justice. Much of the enforcement of
federal criminal laws relating to cybersecurity, including
investigation and prosecution, is carried out by DOJ.
However, some entities within other departments also have
enforcement responsibilities, such as the U.S. Secret
Service in DHS and the Defense Cyber Crime Center in
DOD. The duties of law-enforcement agencies often
involve digital forensics, electronic surveillance, and other
technological activities. The Federal Bureau of

