Is cybersecurity about to tumble down the priority list at the Department of Homeland Security?
President-elect Trump's campaign pledge to “build a wall” suggests that securing the border with Mexico will top the DHS agenda.
Most of the Trump campaign's remarks and writings on cybersecurity have involved beefed-up cyber deterrence and crime-fighting – neither of which are in DHS' portfolio -- while he has called for a “thorough review” of the government's cyber posture by a public-private “cyber review team” that may or may not include DHS.
About this feature:
'The Editor Reports' is a new feature from Inside Cybersecurity intended to identify themes emerging from our news coverage and pose questions about the direction of evolving cybersecurity policies. Email comments to cmitchell@iwpnews.com.
To some security experts, the point may be moot.
“The government can't defend the private sector,” said one industry source who suggested interactions with DHS on the issue have been generally unproductive.
But DHS and its committees of jurisdiction on Capitol Hill have spent much of the past eight years building up cyber capacities at the department and positioning it as the central civilian agency on the issue.
DHS has been designated as the point of contact for sharing cyber threat indicators, both within government and with the private sector, through the department's National Cybersecurity and Communications Integration Center.
House Homeland Security Chairman Michael McCaul (R-TX) – a candidate for DHS secretary – is pushing to get that role and related authorities enshrined in law before the end of the year.
But is all that investment of policy capital in DHS about to go by the wayside?
“It depends on who is nominated to be the leader of the department as to how high of a priority cybersecurity will have,” said a source with close ties to the congressional homeland security panels.
“As a whole,” the source said, “there are many current [Trump] advisers with strong cybersecurity credentials, including [national security adviser pick] Michael Flynn, Michael McCaul, Rudy Giuliani and House Intelligence Chairman Devin Nunes. This leads me to believe that cybersecurity will have an important place in the Trump administration DHS.”
The Trump transition team today announced Flynn for the security adviser role, Sen. Jeff Sessions (R-AL) to be Attorney General and Rep. Mike Pompeo (R-KS) to be CIA director. A DHS pick was still pending at presstime.
Another source, who has served presidents of both parties as a senior official, acknowledged, “I do worry about it as a priority with so many other things on the priority list.”
Cyber simply “may not be at the forefront,” the source said, although much will depend on who gets selected as DHS secretary, as well as who becomes deputy secretary and who fills key spots like DHS under secretary for the National Protection and Programs Directorate.
The source said the fate of the reorganization bill being pushed by McCaul – which would turn NPPD into a cybersecurity agency – will also help determine how much focus cyber gets in the next administration.
If the department's primary cybersecurity function is meant to be operational – the mechanics of info-sharing, for instance, rather than setting policy or serving as a regulator – “then it makes sense to make NPPD an agency and separate it from the rest of the DHS bureaucracy,” the source argued.
Still unclear is if or how cybersecurity policy priorities and needs are filtering up to the president-elect and his inner circle as they make decisions.
But how this administration's Department of Homeland Security approaches the cyber issues is likely to be – based on how things have unfolded so far in the transition – a function of who gets the job as DHS secretary. – Charlie Mitchell, editor, Inside Cybersecurity