DHS Realigns the National Preparedness Goal: A Shift Towards Cyber

November 6, 2015


The first edition of the National Preparedness Goal, released in 2011, identified five Homeland Security mission areas in order to align national preparedness efforts. The mission areas: Prevention, Protection, Mitigation, Response and Recovery; each contained at least seven core capabilities that function as critical markers of success in each area. The second edition of the NPG has added new core capabilities to these mission areas as well as redefining previous ones.

"The second edition of the National Preparedness Goal incorporates critical edits identified through real world events, lessons learned and implementation of the National Preparedness System".

-National Preparedness Goal, Second Edition 2015

The first key change in the NPG is that the second edition now clearly states that the National Preparedness Goal is "a secure and resilient Nation with the capabilities required across the whole community to prevent, protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk." The new introduction to the NPG also re-emphasizes the whole community and all-of-Nation approaches to homeland security and managing the risks we face. Forensics, intelligence and information sharing, and – critically – cybersecurity, are now integral parts of many core capabilities within mission areas.

Further emphasis on cyber-security is also noticeable in the Risk and Core Capabilities section of the NPG. This section describes the catastrophic consequences a cyber-attack could have on our nation's critical infrastructures. Recent incidents such as the hacking of Target in December 2013, Home Depot in September 2014, insurance company Excellus BlueCross BlueShield in August 2015, and the massive Office of Personal Management (OPM) data breach, have shown that unclassified information and communication technology (ICT) networks that support US Government, military, commercial, and social activities remain extremely vulnerable.

Recent Cyber Attacks

December 2013
In December 2013, the retail store Target was hacked and the payment information of nearly 40 million customers was compromised, resulting a net loss of nearly $64 million for the company.

February 2014
The Syrian Electronic Army (SEA) conducted a cyber-attack on Forbes in February 2014 and nearly 1 million email accounts had been compromised. The SEA are known to be one of the more active hacker groups and commonly attack media outlets.

September 2014
On September 2, 2014, the retail store Home Depot suffered a five-month long cyber-attack that affected over 56 million customers and caused a loss of nearly $100 million.

2014 Iran Cyber-Attacks
Several cyber-attacks in 2014 on computers were traced back to Iran. These attacks were directed at American oil, gas and electricity companies, and financial institutions on Wall Street.

June 2015
In June 2015 the personal information of over 21 million people was compromised when the Office of Personal Management computer systems was victim to a large scale data breach.

August 2015
The insurance company Excellus BlueCross BlueShield had over 10 million personal information and medical records compromised in a cyberattack that reports indicate may have last for over a year and a half.

The prominence of cybersecurity is possibly the most distinct change to the National Preparedness Goal. Since 2013, cyber has been listed as the number one threat in the Director of National Intelligence's (DNI) Worldwide Threat Assessment.