DHS Follows Suit with Cybersecurity Similar to the DoD’s CMMC


Over the past year and a half, the Department of Defense (DoD) has been implementing CMMC, a new cybersecurity framework focused on strict security throughout the DoD supply chain. Now the Department of Homeland Security (DHS) is poised to follow suit by setting up a similar framework.

According to the new CIO of the DHS, Eric Hysen, the DHS is focused on creating an Office of the Chief Data Officer. The office will identify leaders for eight priority data domains, including cybersecurity, law enforcement, and immigration. This move is to further data governance and information sharing, ensuring that frontline operators power the DHS’s new IT modernization project.

Why Is This Security Move Important?

Hysen believes that data must be readily sharable and interoperable “by default,” and creating a CDO office is supposed to help the department reach that data goal. The need for the new office was further underlined after the DHS’s coronavirus vaccination campaign, as the department needed to identify, manage, and contact responses from workers. Doing this the hard way required a lot of time and effort to reconcile the different data sets from across the department.

There is also the need to strengthen the department’s cybersecurity. Hysen admits that the department was one of many agencies that fell victim to the SolarWinds intrusion. Working through its Zero Trust Action Group, the department is putting measures in place to strengthen its cybersecurity.

In this regard, the DHS is now including security in every aspect of its IT structure, network architecture, and software development life cycle. The aim here is to be able to limit the occurrence of data breaches more effectively.

The Zero Trust Action Group is creating reusable policy guides, architectures, reference implementations, and pattern libraries within a two-year plan. Early efforts now include giving employees remote access to cloud services through cloud security gateway technologies. Doing this will significantly reduce the burden on the department’s internal and private network.

Additional Measures

The DHS is also taking a close look at the DoD’s CMMC framework, intending to implement a security program requiring standards similar to those required to achieve CMMC compliance.

According to Hysen, the department aims to first pilot the approach within the department’s “vendor base as well.” Although the department now requires more from vendors, it will also encourage them to provide necessary feedback along the way. The goal is to ensure that nothing takes any of the parties involved by surprise.

The DHS also wants to extend the improvement measures to its public-facing customer service, beginning with the most pressing ones. This move is significant, as these department services currently take on about 183 million hours of customer service burdens every year, according to Hysen.

Hysen also admits that the Department of Homeland Security “can do better” regarding the department’s public-facing services. He agrees that the department’s current immigration system is “so complicated” that it causes people to use “esoteric” processes and numbers to access essential services. He concludes that the structure of the public-facing services needs redesigning to focus on the needs of those who depend on these services.