Information sharing is a key part of the Department of Homeland Security’s (DHS) important mission to create shared situational awareness of potential cybersecurity vulnerabilities. DHS, through our National Cybersecurity & Communications Integration Center (NCCIC), actively collaborates with public and private sector partners every day to make sure they have the information and tools they need to protect the systems we all rely on.
When a cybersecurity industry report was published three days ago about a vulnerability known as “Heartbleed” – affecting websites, email, and instant messaging – that can potentially impact Internet logins and personal information online by undermining the encryption process, the Department’s U.S.-Computer Emergency Readiness Team (US-CERT) immediately issued an alert to share actionable information with the public and suggested mitigation steps. Subsequently, our Industrial Control System-Cyber Emergency Response Team (ICS-CERT) published information and reached out to vendors and asset owners to determine the potential vulnerabilities to computer systems that control essential systems – like critical infrastructure, user-facing, and financial systems. The National Coordinating Center for Communications (NCC) also provided situational awareness to communications sector partners for their review and action.
Importantly, the federal government’s core citizen-facing websites are not exposed to risks from this cybersecurity threat. We are continuing to coordinate across agencies to ensure that all federal government websites are protected from this threat.
While there have not been any reported attacks or malicious incidents involving this particular vulnerability confirmed at this time, it is still possible that malicious actors in cyberspace could exploit un-patched systems. That is why everyone has a role to play to ensuring our nation’s cybersecurity. We have been and continue to work closely with federal, state, local and private sector partners to determine any potential impacts and help implement mitigation strategies as necessary.
Today we’re also sharing some tips on steps you can take to protect your own personal cybersecurity and information online:
Cybersecurity is a shared responsibility and when we take steps to ensure our own cyber safety, we are also helping to create a safer Internet for others.
For more cyber resources and tips, please visit www.dhs.gov/stopthinkconnect.