ebook img

Cybersecurity and Infrastructure Security Agency PDF

343 Pages·2017·5.57 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Cybersecurity and Infrastructure Security Agency

Department of Homeland Security Cybersecurity and Infrastructure Security Agency Department of Homeland Security Cybersecurity and Infrastructure Security Agency Budget Overview Fiscal Year 2020 Congressional Justification CISA - 1 Department of Homeland Security Cybersecurity and Infrastructure Security Agency Table of Contents Cybersecurity and Infrastructure Security Agency ...........................................................................................................................................................1 Appropriation Organization Structure ...........................................................................................................................................................................3 Strategic Context ................................................................................................................................................................................................................5 Budget Comparison and Adjustments ...........................................................................................................................................................................14 Personnel Compensation and Benefits ...........................................................................................................................................................................25 Non Pay Budget Exhibits.................................................................................................................................................................................................26 Supplemental Budget Justification Exhibits .................................................................................................................................................................28 CISA - 2 Department of Homeland Security Cybersecurity and Infrastructure Security Agency Cybersecurity and Infrastructure Security Agency Appropriation Organization Structure Organization Name Level Fund Type (* Includes Defense Funding) Cybersecurity and Infrastructure Security Agency Component Operations and Support Appropriation Mission Support PPA Discretionary - Appropriation* Cybersecurity PPA Cyber Readiness and Response PPA Level II Discretionary - Appropriation* Cyber Infrastructure Resilience PPA Level II Discretionary - Appropriation* Federal Cybersecurity PPA Level II Discretionary - Appropriation* Infrastructure Security PPA Infrastructure Capacity Building PPA Level II Discretionary - Appropriation* Infrastructure Security Compliance PPA Level II Discretionary - Appropriation* Emergency Communications PPA Priority Telecommunications Services PPA Level II Discretionary - Appropriation* Emergency Communications Preparedness PPA Level II Discretionary - Appropriation* Integrated Operations PPA Risk Management Operations PPA Level II Discretionary - Appropriation* Critical Infrastructure Situational Awareness PPA Level II Discretionary - Appropriation* Stakeholder Engagement and Requirements PPA Level II Discretionary - Appropriation* Strategy, Policy, and Plans PPA Level II Discretionary - Appropriation* Office of Biometric Identity Management PPA Identity and Screening Program Operations PPA Level II Discretionary - Appropriation IDENT/Homeland Advanced Recognition Technology Operations and Maintenance PPA Level II Discretionary - Appropriation Procurement, Construction, and Improvements Appropriation Construction and Facilities Improvements PPA Discretionary - Appropriation Cybersecurity PPA Continuous Diagnostics and Mitigation PPA Level II,Investment Discretionary - Appropriation* National Cybersecurity Protection System PPA Level II,Investment Discretionary - Appropriation* Federal Infrastructure Evolution Modernization PPA Level II,Investment Discretionary - Appropriation* Emergency Communications PPA Next Generation Networks Priority Services PPA Level II,Investment Discretionary - Appropriation* Biometric Identity Management PPA IDENT/Homeland Advanced Recognition Technology PPA Level II,Investment Discretionary - Appropriation CISA - 3 Department of Homeland Security Cybersecurity and Infrastructure Security Agency Organization Name Level Fund Type (* Includes Defense Funding) Risk Management Operations PPA Infrastructure Security PPA Research and Development Appropriation Cybersecurity PPA Discretionary - Appropriation* Infrastructure Security PPA Discretionary - Appropriation* Risk Management Operations PPA Discretionary - Appropriation* Federal Protective Service Appropriation FPS Operations PPA Operating Expenses PPA Level II Discretionary - Offsetting Fee Countermeasures PPA Protective Security Officers PPA Level II Discretionary - Offsetting Fee Technical Countermeasures PPA Level II Discretionary - Offsetting Fee CISA - 4 Department of Homeland Security Cybersecurity and Infrastructure Security Agency Cybersecurity and Infrastructure Security Agency Strategic Context Component Overview The strategic context presents the performance budget by tying together strategy, budget resource requests, programs, or PPAs, and performance measures that gauge the delivery of results to our stakeholders. The Common Appropriation Structure (CAS) allows DHS to integrate the strategic programmatic view with our budget view of resources. With this structure, a significant portion of the Level 1 PPAs represent what DHS refers to as our mission programs. A mission program is a group of activities acting together to accomplish a specific high-level outcome external to DHS and includes operational processes, skills, technology, human capital, and other resources. CISA’s mission programs are presented below. Performance measures associated with these programs are presented in two measure sets, strategic and management measures. Strategic measures communicate results delivered for our agency goals by these mission programs and are considered our Government Performance and Results Act Modernization Act of 2010 (GPRAMA) measures. Additional management measures are displayed to provide a more thorough context of expected program performance for the Component related to its budgetary plans. Measure tables that do not display previous year’s results are because the measure did not exist at that time. Cybersecurity: The Cybersecurity program advances computer security preparedness and the response to cyberattacks and incidents. The program includes activities to secure the federal network, respond to incidents, disseminate actionable information, and collaborate with private-sector partners to secure critical infrastructure. This program supports the implementation of government-wide deployment of hardware and software systems to prevent and detect incidents, response to incidents at federal and private entities, and collaboration with the private sector to increase the security and resiliency of critical networks. The program also coordinates cybersecurity education for the federal workforce. Strategic Measures Measure: Average number of hours to notify agency of an incident on their network from earliest detection of potentially malicious activity Description: This measure provides insight into the efficiency and effectiveness of the NCPS program as a whole, by assessing average time to notify agency of an incident on their network, ensuring that the program is focusing time and resources primarily on identifying legitimate security threats. When activity on a federal network corresponds to an active Indicator of Compromise (IOC) deployed through the National Cybersecurity Protection System (NCPS), an alert is generated and sent to DHS. After initial review, DHS analysts triage the alerts based on a number of factors. If an alert, or several related alerts, is confirmed as suspected malicious activity, an incident ticket is created and notification is sent to the affected agency for further action. Fiscal Year: FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2020 Target: --- --- --- --- 24 24 Result: --- --- --- --- TBD TBD CISA - 5 Department of Homeland Security Cybersecurity and Infrastructure Security Agency Measure: Percent of incidents detected or blocked by EINSTEIN intrusion detection and prevention systems that are attributed to Nation State activity Description: This measure demonstrates the EINSTEIN intrusion detection and prevention systems’ ability to detect and block the most significant malicious cyber-activity by Nation States on federal civilian networks. Nation States possess the resources and expertise to not only develop sophisticated cyber-attacks but sustain them over long periods of time. Thus the indicators that EINSTEIN deploys to detect and block malicious cyber-activity should focus on methods and tactics employed by Nation States. The overall percentage of incidents related to Nation State activity is expected to increase through greater information sharing with partners and improved indicator development, which will result in better incident attribution. Fiscal Year: FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2020 Target: --- --- --- 20% 21% 22% Result: --- --- --- 29% TBD TBD Measure: Percent of participating federal, civilian executive branch agencies for which Continuous Diagnostics and Mitigation (CDM) capabilities to manage user access and privileges to their networks are being monitored on the DHS managed Federal Dashboard Description: This measure calculates the percent of participating federal, civilian executive branch agencies in the Continuous Diagnostics and Mitigation (CDM) program whose data relating to user activities on their network is visible on the DHS managed Federal Dashboard. The data pertaining to “Who is on the Network” demonstrates the successful deployment, integration, display and exchange of data pertaining to this particular CDM capability that focuses on restricting network privileges and access to only those individuals who need it to perform their duties. The data that is visible to the agencies is at the individual/object level while the Federal Dashboard will provide DHS with summary level vulnerability and security information. Deploying CDM and sharing information with Federal agencies will enable greater DHS visibility and management of the security of Federal IT networks. Fiscal Year: FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2020 Target: --- --- --- --- 42% 63% Result: --- --- --- --- TBD TBD Measure: Percent of respondents indicating that operational cybersecurity information products provided by DHS are helpful Description: This measure assesses whether the products that the DHS National Cybersecurity and Communications Integration Center (NCCIC) provides are helpful for its customers and to allow NCCIC to make continuous improvements to those products. NCCIC’s website feedback form enables recipients of products to submit feedback about the content of each product. Question five of the feedback survey solicits data on how helpful the information is to the stakeholder. Fiscal Year: FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2020 Target: --- --- 78% 90% 90% 90% Result: --- --- 92% 93% TBD TBD CISA - 6 Department of Homeland Security Cybersecurity and Infrastructure Security Agency Measure: Percent of significant (critical and high) vulnerabilities identified by DHS cyber hygiene scanning of federal networks that are mitigated within the designated timeline Description: This measure calculates the percent of significant (critical and high) vulnerabilities identified through cyber hygiene scanning that are mitigated within the specified timeline. For critical vulnerabilities the timeline is 15 days and for high vulnerabilities the timeline is 30 days. DHS provides cyber hygiene scanning to agencies to aid in identifying and prioritizing vulnerabilities based on their severity for agencies to make risk based decisions regarding their network security. Identifying and mitigating the most serious vulnerabilities on a network in a timely manner is a critical component of an effective cybersecurity program. Fiscal Year: FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2020 Target: --- --- 80% 80% 70% 75% Result: --- --- ---* 52% TBD TBD * Unable to report data in FY 2017 Measure: Percent of significant (critical and high) vulnerabilities identified through a DHS assessment of a federal agency high value asset that are mitigated within 30 days Description: This measure calculates the percentage of critical vulnerabilities identified during a Risk and Vulnerability Assessment (RVA) of a High Value Asset (HVA) that the receiving agency has mitigated within 30 days of the final report being submitted to the agency. Binding Operation Directive (BOD) 18-02, Securing High Value Assets, requires agencies to mitigate critical vulnerabilities identified during the HVA assessment within 30 days and report progress to DHS. RVAs are performed on identified HVAs across the federal government to identify vulnerabilities associated with the federal government’s most sensitive IT systems and data. As part of the assessment, the HVA owner agency receives a list of critical vulnerabilities to remediate and agencies provide monthly updates on progress. As agency vulnerability mitigation processes improve, more vulnerabilities should be mitigated in a shorter time. Fiscal Year: FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2020 Target: --- --- --- --- 45% 50% Result: --- --- --- --- TBD TBD CISA - 7 Department of Homeland Security Cybersecurity and Infrastructure Security Agency Measure: Percent of survey respondents that were satisfied or very satisfied with the timeliness and relevance of cyber and infrastructure analysis based products Description: The Office of Cyber and Infrastructure Analysis (OCIA) produces infrastructure analytic products for DHS customers to make meaningful risk investment and resource allocation decisions in both crisis and steady state environments in order to reduce the impacts of infrastructure disruptions. In order for our customers to apply the knowledge gained from our products they must have the right information in a timely manner to inform decisions. Survey respondents comment on their level of satisfaction with both timeliness and relevance (two separate questions) of OCIA’s analytic products which, in turn, provides OCIA with feedback that will be used to improve future products. OCIA averages the two responses for one metric. This is relevant to OCIA achieving its mission since the purpose of OCIA’s analytic products are to inform decision-makers. Their feedback matters to the core of OCIA’s purpose and is important to help OCIA gauge its progress toward accomplishing its mission. Fiscal Year: FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2020 Target: --- 80% 90% 92% 94% 96% Result: --- 93% 93% 96% TBD TBD Management Measures Measure: Percent of respondents that rated the exercise as helpful in contributing to their ability to reduce cybersecurity risk within their organization Description: This measure assesses the percentage of respondents who participated in a cybersecurity exercise led by the National Cyber Exercise & Planning Program (NCEPP) that stated on a post-exercise survey that the experience was helpful in preparing them to contribute to reducing cybersecurity risk within their organization. Cybersecurity exercises allow participants to test their current policies and response plans in a realistic cyber scenario in order to identify weaknesses and focus areas for improvement. DHS strives to ensure that cybersecurity exercise offerings provide value and enable participants to better prevent, prepare for, and respond to cyber incidents. Results from this and other responses on the survey inform the planning and execution of future exercise offerings. Fiscal Year: FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2020 Target: --- --- --- --- 80% 80% Result: --- --- --- --- TBD TBD CISA - 8 Department of Homeland Security Cybersecurity and Infrastructure Security Agency Emergency Communications: The Emergency Communications program is responsible for advancing the Nation’s interoperable emergency communications capabilities to enable first responders and government officials to continue to communicate in the event of disasters. Strategic Measures Measure: Percent of calls made by National Security/Emergency Preparedness users during emergency situations that DHS ensured were connected Description: This measure gauges the reliability and effectiveness of the Government Emergency Telecommunications Service (GETS) by assessing the completion rate of calls made through the service. The GETS call completion rate is the percent of calls that a National Security/Emergency Preparedness (NS/EP) user completes via public telephone network to communicate with the intended user/location/system/etc. GETS is accessible by authorized users at any time, most commonly to ensure call completion during times of network congestion caused by all-hazard scenarios, including terrorist attacks or natural disasters(e.g., hurricane or earthquake). Fiscal Year: FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2020 Target: 97.0% 97.5% 98.0% 98.5% 99.0% 99.0% Result: 99.3% 99% 99.3% 99.1% TBD TBD Federal Protective Service: The Federal Protective Service protects federal facilities, their occupants, and visitors by providing law enforcement and protective security services. The program provides uniformed law enforcement and armed contract security guard presence, conducts facility security assessments, and designs countermeasures for tenant agencies in order to reduce risks to federal facilities and occupants. Strategic Measures Measure: Percent of Facility Security Committee Chairs (or designated officials) satisfied with the level of security provided at federal facilities Description: This measure assesses the effectiveness of protection and security services provided by the Federal Protective Service (FPS) to Facility Security Committee (FSC) Chairs, or their designated officials, through surveying their overall customer satisfaction. The FSC Chairperson is the representative of the primary tenant and is the primary customer of FPS Facility Security Assessments and countermeasure consultation. This will enable FPS to make better informed decisions to enhance the services it provides to its tenants. Fiscal Year: FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2020 Target: --- --- 78.00% 79.00% 80.00% 81.00% Result: --- --- 77.00% 80.00% TBD TBD CISA - 9 Department of Homeland Security Cybersecurity and Infrastructure Security Agency Measure: Percent of high-risk facilities found to have no countermeasure-related deficiencies Description: This performance measure provides the percentage of high-risk facilities (Facility Security Levels 3-5) that are found to have no countermeasure-related deficiencies determined by contract security force evaluations and covert testing of security infrastructure. Countermeasure-related deficiencies are a weighted total of covert security testing (secret investigative operations used to identify deficiencies in security countermeasures, training, procedures, and use of technology) deficiencies and human countermeasure (guard force, screening procedures) deficiencies identified during contract security force evaluations. FSL Levels 3-5 are defined as high risk based on the Interagency Security Committee Standards as having over 450 federal employees; high volume of public contact; more than 150,000 square feet of space; tenant agencies that may include high-risk law enforcement and intelligence agencies, courts, judicial offices, and highly sensitive government records. Fiscal Year: FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2020 Target: LES* LES LES LES LES LES Result: LES LES LES LES TBD TBD *LES is Law Enforcement Sensitive. Measure: Percent of high-risk facilities that receive a facility security assessment in compliance with the Interagency Security Committee (ISC) schedule Description: This measure reports the percentage of high risk (Facility Security Level 3, 4 and 5) facilities that receive a facility security assessment (FSA) in compliance with the ISC schedule. An FSA is a standardized comprehensive risk assessment that examines c redible threats to federal buildings and the vulnerabilities and consequences associated with those threats. Credible threats include crime activity or potential acts of terrorism. Each facility is assessed against a baseline level of protection and countermeasures are recommended to mitigate the gap identified to the baseline or other credible threats and vulnerabilities unique to a facility. Requirements for the frequency of federal building security assessments are driven by the ISC standards with high risk facility assessments occurring on a three year cycle. Fiscal Year: FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2020 Target: 100% 100% 100% 100% 100% 100% Result: 100% 96% 100% 100% TBD TBD Management Measures Measure: Operational Readiness of the Rapid Protection Force Description: This measure gauges the overall readiness of the Federal Protective Service’s designated surge force known as the Rapid Protection Force (RPF) by measuring the percent of qualified RPF personnel available to deploy to a surge event. The RPF is a cadre of l aw enforcement personnel focused on rapid response to threats and enhanced operations at Federal facilities. The ability to gauge RPF readiness provides key information for ensuring that trained personnel are available to mitigate threats, stabilize incidents, and support special e vents. Fiscal Year: FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2020 Target: --- --- --- --- 65% 66% Result: --- --- --- --- TBD TBD CISA - 10

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.