Cyberattacks are a leading cause of fear among Americans today—and with good reason. According to a 2017 Pew Research Center study, 64 percent of Americans “have personally experienced a major data breach.” As a result, citizens have developed an overall lack of trust in the government and social media—which both possess a vast majority of their private information—and their ability to protect that data.
Cyberattacks are a concern for more than just individuals in today’s society, however. Corporations such as Apple, Microsoft, and Google, have become reliant on the work of cybersecurity agencies within their organizations to keep the data of their users and customers secure.
The United States government is no different. In an effort to protect against the threats posed on the country by hackers and data thieves, the government leans heavily on the practice of cybersecurity to keep the country protected.
Who is Protecting Our Data?
The majority of this work at the national level is carried out by The Department of Homeland Security (DHS), a government agency that exists primarily to protect the country from threats, whether they be in the form of natural disasters, acts of terrorism, or, in this case, cyberattacks. In her 2019 State of Homeland Security Address, U.S. Secretary Kirstjen M. Nielsen expressed the severity of these issues from a homeland security perspective:
“On the top list of threats—the word CYBER is circled, highlighted, and underlined,” she said. “The cyber domain is a target, a weapon, and a threat vector—all at the same time.”
With cybersecurity taking such a high priority within the DHS, it’s important for homeland security professionals to understand how their role in protecting the country intersects with this growing need for data protection. Read on to explore the breadth of the cybersecurity and homeland security industries and the three main ways in which they intersect to combat the issues facing the nation today.
In order to properly appreciate the ways in which these two practices intersect, it’s important to first understand how each operates as a single entity.
Download Our Free Guide to Advancing Your Career in Homeland Security
Learn how to build a rewarding career in an industry that’s helping protect an increasingly unpredictable world.
What is Homeland Security?
“Homeland security is the internal security of our country from a non-criminal justice standpoint,” says James Holst, an adjunct professor in the graduate homeland security program at Northeastern University. “This could include defending against terrorist actions, looking out for issues that could affect our country from [an] economic or business intelligence perspective, natural disasters, [and more.]”
Homeland security is enforced and regulated by the DHS, who takes preventative steps to combat threats and intervenes when a threat has turned into action.
What is Cybersecurity?
Cybersecurity is much more complex than a simple set of steps taken to keep online attackers at bay. Ted Johnson, a professor of the practice in Northeastern’s College of Professional Studies and a retired Commander in the U.S. Navy, explains that rather than a single act, cybersecurity should be thought of as “a system of activities that must be undertaken in order to secure networks.”
He also compares the practice to healthcare. “There are so many components to healthcare that, to be healthy, you have to do all of those things in conjunction with one another,” he says. “In the same way, if you want your organization [or] your nation to be secure in cyberspace, there are tons of things you have to do all in concert on a continual basis, and with the right processes and systems in place, to ensure you are cyber-secure.”
These processes and systems can also be applied to companies, individuals, or organizations that require cybersecurity specialists to protect their private data. This need for online protection, alongside the current trends of online attackers, has led to the development of dozens of high-paying careers in cybersecurity for those with the proper skillsets.
Another factor that makes the cybersecurity field attractive to job seekers is how frequently cyberattack methods change and adapt. Johnson adds.
He notes that there are four main areas of concern for tomorrow’s cybersecurity specialists, which are:
- The encryption of data
- The growing use of automated attacks
- The use of ransomware
- The ease at which individuals can be baited into sharing private information online
Those looking to enter or advance in the field should stay up to date on these and other trends in cybersecurity.
Learn more: Download our Guide to Advancing Your Career in Cybersecurity
How do Homeland Security and Cybersecurity Intersect?
Holst counts cybersecurity among the main pillars of the DHS’s work alongside aspects such as intelligence and national defense. Johnson agrees with this view on how the two relate:
“If homeland security is a big pie, cybersecurity is a slice of it,” he explains. “But cybersecurity is not just a subset of homeland security. It’s a subset of business, national security, [etc.]…it’s its own discipline that has applications across a number of different types of policy fields.”
Among these policy fields, Johnson lists economics and commerce, explaining that each has something unique to lose from a cyberattack—whether it be intellectual property, formulas, or trade secrets. For this reason, organizations at a variety of levels must all rely on the practice of cybersecurity to keep their data safe.
“When you’re looking at cybersecurity itself, you are looking from the corporations, organizations, government agencies, all the way down to the individual,” Holst says.
Though there are plenty of actions that corporations and even individuals must take in order to protect themselves from these types of online attacks, the DHS is the primary organization with a scope that extends into each of these layers.
The three main ways that homeland security and cybersecurity intersect include:
- Cybersecurity and national defense
- Homeland security and cybersecurity functions within technology companies
- Policy and enforcement of cybersecurity practices by the DHS
Read on for a more in-depth look at each of these intersections, and examples of how they operate in today’s society.
Intersection #1: Cybersecurity and National Defense
Threats that are made against the well-being of the country are handled by the Department of Homeland Security and, in today’s world, most of the cyberthreats causing concern are exactly of this nature.
“Today, I am more worried about the ability of bad guys to hijack our networks than their ability to hijack our flights,” Secretary Nielsen said.
It is for this reason that the efforts of cybersecurity specialists and the DHS are so intertwined at this moment in history. Items that fall under the nation’s critical infrastructure, for example, are among those most under protection by these combined forces, including the country’s transportation, energy, diplomacy, and even the power grid. The hacking or hijacking of any of these items could have a devastating impact on the entire nation.
Homeland security and cybersecurity teams also work together to monitor the internet and social media for terrorist activity. There are strict restrictions to aspects of this work but, in general, it is up to the nation’s cybersecurity teams to track trends and activity online. These teams then report their findings to the DHS who triage these potential threats in order to keep the country safe.
The DHS also helps mitigate future threats—cyber or physical—by hosting events aimed at preventively stopping terrorist attacks. The “2019 National Summit on Terrorism Prevention,” for example, is an event which Secretary Nielsen describes as a way “to better crowd-source our defenses against terror” with the assistance of technology companies, law enforcement, social service providers, and others who have insight into this effort.
These types of events provide rare and exciting opportunities for professionals in both industries to collaborate, giving even corporate-level employees a chance to help mold the policies and technology that will help protect the country in the future.
Intersection #2: Homeland Security and Cybersecurity in the Technology Sector
Alongside the growing need for cybersecurity at the national defense-level, there are also many instances in which homeland security agents and cybersecurity specialists team up with experts in technology companies who share similar data-protection goals.
Although in these cases, tech companies are likely working to protect the data of their customers rather than the data of the nation as a whole, this doesn’t stop the DHS and the government’s cybersecurity teams from leaning on these experts’ knowledge and practices to help defend the country.
The Benefits of This Intersection
This partnership has become even more prevalent as technology continues to advance beyond the scope of federal regulation.
“It used to be that the most sophisticated organization from a technological standpoint was the federal government,” Johnson says. “Now the leaders in technology—especially when it comes to practicing [cyber]security—are corporations like Apple.”
Secretary Nielsen believes that having companies like Apple work alongside the DHS is vital to staying ahead of attackers. In support of this, the department’s 2018 National Cybersecurity Summit brought together CEOs from some of the largest tech companies in America to work with the U.S. leaders to analyze the nation’s current and future approach to cybersecurity. This event led to the formation of the National Risk Management Center (NRMC), a subset of the Department of Homeland Security, which Nielsen describes as “a premier forum for government and industry to collaborate against evolving digital dangers.”
The Conflict Within This Intersection
Although the DHS and tech companies have teamed up to combat cyberattacks in some regards, there are still some areas of conflict between the two groups—mainly because homeland security and cybersecurity teams operate under different priorities.
While homeland security agents are concerned with keeping people safe, cybersecurity agents within technology companies are concerned with keeping people’s data safe.
When these two concepts are synonymous, such as in the protection of people and their personal data from cyberattacks, the two organizations can operate in conjunction. When the government wants to use an individual or corporation’s private, protected data to help defend against attacks or other threats against the country, however, cybersecurity agencies may feel opposed.
This is the current issue facing the government and tech companies in regards to encryption. Encryption is a valuable and effective method of data security used to convert data from a readable form to an encoded one that must be decoded post-transmission before it can be read or used. It’s an integral method for cybersecurity teams, especially those in tech companies, and it is only getting more and more advanced as time goes on.
“When you [increase] the amount of encryption, it not only makes it more difficult for the bad guys to get the information, it also makes it that much more difficult for the government to get the information,” Holst says. “[So] private corporations could have much better technology or encryption than the government could have, and if anything went down where the government would have to go into these corporations to get that information, they may not be able to do it.”
Real-World Example: Apple v. FBI
What Holst has described is exactly what happened in the 2016 Apple-FBI encryption debate, which occurred when the FBI requested Apple unlock the iPhone of one of the gunmen involved in a mass shooting in San Bernardino, California in order to continue their investigation. Due to new encryption software setup within all iPhones in 2014, Apple had made it so that after a certain number of failed login attempts, an iPhone would lock out the intruder and fully encrypt all the data stored on the device. This encryption would have resulted in a dead-end for the FBI’s investigation, which led them to ask Apple for access, a request that Apple denied.
Since this shooting was a threat against American people, homeland security had a vested interest in solving the case, so when Apple refused to unlock the phone, citing their approach to privacy as the reason, the issue was brought to court. The debate came down to determining whether or not national security was allowed to dictate how a tech company writes their code, and about setting a legal precedent for the future to determine where cybersecurity ends and national security begins.
In a statement made by Apple after the case concluded, the company said they feared that the demand for a “back-door” approach to unlocking iPhones in this way “would undermine the very freedoms and liberty our government is meant to protect.”
This case provided a difficult intersection for cybersecurity specialists and homeland security agents, but it is not the only time that the rights of American citizens have been brought up in the effort to protect our data.
“After 9/11 occurred, the country passed the [USA] Patriot Act, which allows for the government, in certain cases, to use cybersecurity to monitor certain groups of people or individuals where they didn’t have that power before,” Holst explains. “There’s a very fine line that we walk on between our own civil rights and our own protections.”
Intersection #3: Policy & Enforcement of Cybersecurity Practices by the Department of Homeland Security
Citizens may recognize larger acts of government legislation that have been established to protect nation (e.g. the ‘Patriot Act’) but there are other policies, procedures, and regulations established and enforced by the DHS that the public is not as familiar with. This is especially true in regards to cybersecurity.
Holst references the 2017 Equifax data breach as one of the most prominent instances of a cyberattack that resulted in the formation of new policies and procedures by homeland security agents for corporations to follow. In this scenario, the personal data of 143 million people was stolen from one of the largest credit reporting agencies in America. This data included social security numbers, birthdays, addresses, driver’s license numbers, and more.
“Because it not only affects the company, but it affects every single person who has a credit score in the country…the idea here is [that], from a homeland security standpoint, we have to ensure certain protocols are made [and] governance done at [Equifax and other] corporations, so that a breach like this never occurs [again],” Holst says.
This is just one example of a corporation needing assistance from the homeland security team to deal with the outcome of a cyberattack. In most cases, however, rather than getting involved to do damage control after an attack, the DHS works preventively to protect individuals who trust corporations with their data, as well as those corporations themselves.
To do this, the DHS creates and enforces cybersecurity-related policies, procedures, and regulations for corporations. Holst compares this to the work of other government agencies who set the standards that companies in America must adhere to, such as the U.S. Food & Drug Administration (FDA) or the U.S. Department of Agriculture (USDA).
The USDA, for instance, sends inspectors onto farms to make sure the meat they’re selling is clean, farming techniques are done correctly, and that there is no sign of disease. “The same would be true for the homeland security standpoint,” Holst says. “Especially with large amounts of data or data that has compromised…our entire economy, [the Department of Homeland Security] would have to go into the Goldman Sachs, the Bank of Americas, [and] the Equifaxes of the world and [confirm that they are] following these protocols.”
Additionally, teams of cybersecurity specialists from within the DHS often spend years working on protocols and systems to protect the country, especially after having learned from a threat they were unprepared for in the past.
Real-World Example: 2016 Election Hacking
After the voter registration rolls were hacked by Russians during the 2016 presidential election, the DHS launched its efforts to protect from such interference again by taking protective measures in each individual state.
“Last year we applied our ‘lessons learned’ from 2016 to prevent hijacking in the 2018 elections,” Secretary Nielsen said. The Department of Homeland Security traveled across the country and took steps to establish “election security efforts” to protect from such attacks. As a result, Nielsen reports that, “the 2018 election was the most secure in the modern era.”
She explains that the next step is the “Protect 2020” initiative, which has been created to secure election infrastructure and “get all States to a baseline level of election infrastructure cybersecurity well before the next vote.”
Careers in Homeland Security and Cybersecurity
Exploring this intersection of homeland and cybersecurity is crucial for aspiring homeland security professionals who are considering a cyber-concentration. Other specialties—such as criminal justice, intelligence, or national defense—are a draw for certain types of individuals, but a very specific subset of these people will have the skills, background, and diverse set of interests necessary to thrive in the cybersecurity sector.
“[Homeland security and cybersecurity are] both separate disciplines that intersect in very crucial spots,” Johnson says. “The kind of person that will be drawn to the two disciplines are the folks that are as interested in the technology of cyber as they are in the mission of securing the homeland.”
Johnson says that prospective students should also have the analytical, IT, and computer science skills needed to work in this demanding, tech-based field, as well as the desire to continue working towards their particular career aspirations through a cybersecurity certification process post-graduation.
“It used to be [only] on-the-job training [that prepared students for this career],” Johnson explains. “There was no curriculum for cybersecurity…[but as] the industry grew, the demand for education grew. The typical path is now: college, on the job training, certification, and [finally] an upward movement in specific industries or organizations.”
Looking to make this kind of upward movement in your career? Consider a homeland security program like Northeastern’s and find your place in the homeland security sector.