Homeland Security funds cybersecurity risk management strategy

The U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T) recently funded development for a cybersecurity risk management strategy that can be used to decrease wireless emergency alert (WEA) vulnerabilities to cyberattack and to manage risk despite changing threats.

Carnegie Mellon University's Software Engineering Institute conducted interviews with alert originators and vendors to understand the alert origination process, security roles, responsibilities and practices, as well as to create a well-informed strategy.

"Alert originators need to understand threats, ensure that vulnerabilities are identified, and mitigate risks so that alerts are sent with proper authorization- accurately, and on time, every time," Denis Gusty, WEA's program manager for DHS S&T, said.

The four-state WEA cybersecurity risk management strategy supports governance, organizational processes and operational mechanisms that can be used by alert originators to meet cybersecurity responsibilities within the context of their organization's unique operational environment.