When the Department of Homeland Security (DHS) was established in March 2003, one of the new department’s primary goals was to enhance U.S. cybersecurity. But after several years passed without major DHS initiatives in this area, observers concluded that the department was insufficiently prepared or resourced to address cyber emergencies. Indeed, prior to the 2008 presidential election, the influential think tank Center for Strategic and International Studies’ Commission on Cybersecurity recommended that the next occupant of the White House formally revoke DHS’ limited authority to coordinate cybersecurity because the department, having never had authority over the U.S. military, intelligence community and law enforcement agencies, could not perform this coordination role effectively.
When the Obama administration assumed office, it followed many of the commission’s recommendations, but it ignored this one. With White House encouragement, DHS has made it a higher priority to address the security of U.S. civilian cyber networks and has earned greater support in Congress for remaining the lead civilian agency in this area. For example, DHS made cybersecurity one of its five most important mission areas in the first-ever Quadrennial Homeland Security Review (QHSR) released in 2010, 74 percent higher than in the 2012 budget.
DHS currently has the lead role in securing federal civilian network systems, sometimes described as the “dot.gov” domain. Through its National Infrastructure Protection Plan, DHS works with private- and public-sector owners and operators of critical infrastructure and key resources to bolster their cybersecurity preparedness, risk mitigation and incident-response capabilities. The fundamental problem the department faces is that, at present, it has responsibility to protect all nondefense public- and private-sector networks from cyberattack, but lacks sufficient authority to accomplish this mission.