
Data Privacy: DHS’ Role in Cybersecurity

May 31, 2022

The Department of Homeland Security (DHS) is responsible for protecting the United States and its citizens from a variety of threats, including cyberattacks. In recent years, DHS has undertaken a number of initiatives to strengthen cybersecurity at the federal level (protecting the .gov domain) and to provide information and assistance to state, local and tribal governments and private sector partners. DHS also offers a variety of resources on its website, including guides on how individuals can protect themselves from cyber threats.

Let’s explore the initiatives and practices DHS has implemented to protect U.S. citizens and to specify how data is used, as ever-evolving cyberattacks continue to pose a threat to data privacy.

DHS Cybersecurity Initiatives

Cybersecurity and Infrastructure Security Agency

The Cybersecurity and Infrastructure Security Agency (CISA) was established in 2018 to work with federal, state and local partners to help secure critical infrastructure against cyber threats. CISA leads operations for federal cybersecurity and acts as the coordinator for national efforts to ensure critical infrastructure security and resilience. [1]

Cybersecurity Awareness Month

CISA launched the National Cybersecurity Awareness Month campaign to raise awareness about cybersecurity risks and to stress the importance of individuals and organizations being proactive in protecting their part of cyberspace. [2] Running each October, the campaign provides and promotes resources for staying safe online. Formerly called National Cybersecurity Awareness Month, the campaign will mark its 19th year in October 2022.

National Cybersecurity and Communications Integration Center

The National Cybersecurity and Communications Integration Center (NCCIC) is a 24/7 operation that monitors cybersecurity threats. The work of this organization is a key piece in DHS’ strategy to promote cybersecurity, with the goal of building effective risk management and control systems. NCCIC plays a leading role in this strategy in a number of ways, including responding to control system incidents, analyzing vulnerabilities, providing on-site response to incidents and more. [3]

Cyber Information Sharing and Collaboration Program

DHS created the Cyber Information Sharing and Collaboration Program (CISCP) to allow private companies and individuals to share information about cyber threats with DHS agencies. CISCP aims to build resilience around cybersecurity by helping partners manage cybersecurity risks, focusing on proactive detection, prevention, mitigation, response and recovery. [4]

DHS Cybersecurity Principles and Practices

Fair Information Practice Principles

DHS published the Fair Information Practice Principles (FIPPs) in 2008, believing that these principles are essential for ensuring that information is used in a fair and responsible manner. The agency additionally views these principles as key to establishing and maintaining public trust and confidence in the government, since the government should act responsibly and transparently in how it collects personally identifiable information (PII).

There are eight main principles in FIPPs [5]:

  • Transparency: People have a right to know how their information is being collected and used. DHS should provide notice regarding the collection, use, dissemination and maintenance of PII.
  • Individual Participation: DHS should involve individuals in the collection and use of PII and seek consent around its use.
  • Purpose Specification: DHS should express how PII is going to be used, as well as the authority that permits PII collection.
  • Data Minimization: DHS should collect only PII that is relevant and necessary to the specified purpose(s). The PII should also be kept only for the amount of time necessary to accomplish the noted purpose(s).
  • Use Limitation: Use of collected PII should be limited to the specified purpose(s), with PII only being shared outside of DHS to fulfill the purpose(s) outlined.
  • Data Quality and Integrity: PII should be accurate, relevant, timely, and complete.
  • Security: PII needs to be protected using appropriate security safeguards to prevent loss, unauthorized access/use, destruction, modification, or inappropriate disclosure.
  • Accountability and Auditing: DHS is accountable for complying with the outlined principles, and for training employees and contractors using PII. The use of PII also needs to be audited to show this compliance.

DHS provides advice on how FIPPs can be implemented within organizations in order to improve cybersecurity. It is important for organizations to consider these principles when handling people's information. By doing so, they can help ensure that data is used in a fair and responsible way.

Cybersecurity Impact Assessments

The term “impact assessment” is often used in relation to environmental issues, as when a company does an environmental impact assessment before starting a new project to gauge the potential effects on local wildlife and ecosystems. But impact assessments can also be done in the world of cybersecurity. A privacy impact assessment looks at the potential impacts of a cybersecurity project on privacy. DHS uses privacy impact assessments to evaluate how a new program or technology might impact the privacy of the people it affects.

The goals of a privacy impact assessment are [6]:

  • To ensure that laws, regulations and policies around privacy are followed
  • To determine the risks and effects of the project
  • To evaluate protections or other processes in order to mitigate possible risks to privacy

By taking into account the potential risks to privacy before starting a new cybersecurity project, agencies like DHS can help to ensure that Americans' privacy rights are not adversely impacted.

Specialize in Data and Privacy Law with Cardozo School of Law

All of these initiatives need to be staffed by professionals who are especially savvy when it comes to data and privacy laws. Whether you are looking to work for a government agency—like DHS—or a private company, earning a Master of Studies in Law (MSL) with a focus on data and privacy law is an excellent way to set yourself apart in the cybersecurity field. Yeshiva University Cardozo School of Law’s online MSL breaks down the complexities of cybersecurity, data and privacy laws to allow you to excel in IT, cybersecurity, HR, operations and more.

Cardozo’s MSL program is designed by industry leaders and combines theoretical and practical perspectives on compelling topics, including international data protection, cybersecurity, internet law and much more. As a Cardozo student, you’ll study with our top-ranked faculty and build connections with your fellow students in small group settings that focus on engagement. Gain the skills and confidence to make smarter decisions about data operation and management—in your current professional role or your future career as a data specialist.


Sources
  1. Retrieved May 18, 2022, from cisa.gov/about-cisa
  2. Retrieved May 18, 2022, from cisa.gov/cybersecurity-awareness-month
  3. Retrieved May 18, 2022, from cisa.gov/uscert/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_NCCIC%20ICS_S508C.pdf
  4. Retrieved May 18, 2022, from cisa.gov/ciscp
  5. Retrieved May 18, 2022, from dhs.gov/sites/default/files/publications/Privacy%20at%20DHS%20Fact%20Sheet_Clean.pdf
  6. Retrieved May 18, 2022, from dhs.gov/privacy-impact-assessments