Cybersecurity: Background, Risk Management and Federal Policies

The past decade has seen a rapid increase in both the utility and risk from networked devices. The very tools Americans use to chat with loved ones and make purchases are the same tools which can be turned against them to deny access to services, steal their information, or compromise the digital system they trust. Chapter 1 provides an overview of cybersecurity for policymaking purposes, describes issues that cybersecurity affects, and discusses potential actions Congress could take. Chapter 2 describes DHS's cybersecurity missions and how the Department interacts with others to accomplish its missions. Chapter 3 discusses the importance of risk management for cybersecurity, then introduces each of those topics: Information Sharing, Critical Infrastructure Protection and Cybersecurity, Cyber Supply Chain Risk Management, Federal Agency Oversight, and Data Protection and Privacy. The objective of chapter 4 was to determine the extent to which federal agencies have developed policies, procedures, and guidelines for the removal of personal information from cyber threat indicators and defensive measures, pursuant to CISA's provisions. Chapter 5 highlights the work related to federal programs implemented by DHS that are intended to improve federal cybersecurity and cybersecurity over systems supporting critical infrastructure. Chapter 6 discusses the current state of electric grid cybersecurity, and the interconnected dependency of critical infrastructure with regard to electric sector reliability. The objectives of chapter 7 are to describe the roles of non-school partners and the types of PII shared with them and assess the extent to which FSA policies and procedures for overseeing the non-school partners' protection of student aid data adhere to federal requirements, guidance, and best practices. Chapter 8 provides an update to the information security high-risk area and identifies the actions the federal government and other entities need to take to address cybersecurity challenges.