TABLE OF CONTENTS
INTRODUCTION
SCOPE
THE CYBER THREAT
MANAGING NATIONAL CYBERSECURITY RISK
GUIDING PRINCIPLES
DEVELOPMENT AND IMPLEMENTATION
PILLAR I – RISK IDENTIFICATION
GOAL 1: ASSESS EVOLVING CYBERSECURITY RISKS
PILLAR II – VULNERABILITY REDUCTION
GOAL 2: PROTECT FEDERAL GOVERNMENT INFORMATION SYSTEMS
GOAL 3: PROTECT CRITICAL INFRASTRUCTURE
PILLAR III: THREAT REDUCTION
GOAL 4: PREVENT AND DISRUPT CRIMINAL USE OF CYBERSPACE
PILLAR IV – CONSEQUENCE MITIGATION
GOAL 5: RESPOND EFFECTIVELY TO CYBER INCIDENTS
PILLAR V – ENABLE CYBERSECURITY OUTCOMES
GOAL 6: STRENGTHEN THE SECURITY AND RELIABILITY OF THE CYBER ECOSYSTEM
GOAL 7: IMPROVE MANAGEMENT OF DHS CYBERSECURITY ACTIVITIES
CONCLUSION
APPENDIX: DHS CYBERSECURITY AUTHORITIES