CISA - Threat Hunting Integrated Services (THIS)
Investment ID: 024-000009627
Overview
Program Title
CISA - Threat Hunting Integrated Services (THIS)
Description
Cybersecurity and Infrastructure Security Agency s (CISA) Cyber Defense Operations (CDO) identifies, detects, and responds to the most significant cyber threats to the United States. CDO is the Department of Homeland Security s (DHS) front line in identifying and tracking threats, detecting malicious activity in federal civilian executive branch, critical infrastructure, and partner networks, proactively hunting for malicious cyber activity, and responding to cyber incidents. CDO s world-class experts lead characterization, detection, response, containment, and remediation efforts in civilian executive branch, critical infrastructure, and partner networks. CDO supports CISA by serving as its primary operational arm in the execution of the asset response mission delegated to DHS, in President Policy Directive 41 (PPD-41).
Type of Program
Major IT Investments
Multi-Agency Category
Not Applicable
Investment Detail
There is consensus that calculating ROI for Cyber Investments is difficult as no program can claim complete definitive removal of threat. There is ample evidence that costs to the United States associated with Data breach and Cyber Crime is significant. Citing the recent CISA Economic study Cost of a Cyber Incident: Systematic Review and Cross-Validation, the aggregate annual estimates for U.S. impacts range from under $1 billion to over $242 billion, with some more extreme estimates reaching as high as $665 billion and even over $7 trillion. Per incident losses have a mean range of $394,000 to almost $19.9M in loss per incident. The 2020 FBI Cyber Crime reports $4.2 Billion in losses due to internet crime. The THIS investment provides many analytical services that identify and track threats, detect malicious activity in federal civilian executive branch, critical infrastructure, and partner networks, proactively hunt for malicious cyber activity, and respond to cyber incidents. Direct assistance and Information gained by these activities does mitigate risk of financial loss and aide financial recovery associated with Data Breaches and Cyber Crime. The analytical services address a highly dynamic Cyber Threat environment. The exact sum can only be estimated as events are rising world-wide every year and information shared and implemented may never be reported. Economic Sabotage or Ransom wear attacks on critical infrastructure as evidenced by recent gasoline pipeline disruption has the potential for incalculable costs to the US. The ROI calculation represents a best estimate minimum return. Whereby the THIS yearly budget is approximately 90M, a calculation based on a mitigation of 1% of $4.2B or Rate of Return = (Gain of Investment/ Cost of Investment) 1, 43M/90M-1=-52%, At 5% mitigation the ROI is 133%. This calculation measures well against the CDM program that provided three methodologies ranging from -84.34 to 335% ROI. NCPS reports -96.46%. When averaging all three program figures -96.46, -84.34, -52, 71.42, 84.34, 133 and 335, the result is 49% It can be assumed with the very high cost range associated with potential economic damages due to Cyber security incidents, the ROI is potentially 100s of percent. A conservative 10% percent is added to the THIS calculation for uncertainty, the ROI is best estimated at a MINIMUM 59%.