Inside Cybersecurity

July 15, 2020

Daily News
Cyber Reg Watch: Analysis

Shifting Secret Service out of DHS may do more for cyber than shuffle bureaucratic deck chairs

June 17, 2020

A pair of high-profile industry voices on cyber this week offered strong support for shifting the Secret Service out of DHS and back to the Treasury Department, calling it a plus-up for cybersecurity, and the proposal also garnered positive reviews from a former leader of a national commission on cybersecurity.

“I agree that it is time to consider the appropriate steps for moving the Secret Service back to the U.S. Treasury to enable a more direct collaboration with the Treasury Department on financial security,” said Kiersten Todt, managing director of the Cyber Readiness Institute and executive director of the 2016 Presidential Commission on Enhancing National Cybersecurity.

“However,” Todt told Inside Cybersecurity, “that move alone is not enough. Our current threat environment demands broader answers to how government is organized to protect our critical infrastructure and to address cybersecurity.”

Todt said, “Specifically, I know first-hand why decisions were made to bring government entities into DHS and the mentality at the time that prompted those drastic, in some cases, decisions. The law was passed in November 2002. As we approach the 18th year anniversary of the passage of the law, I assert that it is time to examine the organizational structure of DHS and seriously explore a reorganization -- similar to what Goldwater-Nichols in 1986 did” in a historic reform of the Department of Defense.

“I was one of the drafters of the legislation to create the Department of Homeland Security,” as a congressional staffer for then-Senate Governmental Affairs Chairman Joseph Lieberman (D-CT), Todt said. “I had organized a hearing on critical infrastructure protection for Senator Lieberman, for September 12, 2001 -- 9/11 happened on Tuesday and we were the only hearing on Capitol Hill on September 12, 2001. During that hearing, Senator Lieberman announced there should be a Department of Homeland Security -- which seemed far-fetched to many at the time.”

As work got underway to construct the Department of Homeland Security, “Bringing the U.S. Secret Service into DHS was one of the most contentious debates we had in building the department,” she said. “At the time, the mentality was to create an agency that would protect the nation from threats and to keep it secure -- based on the mission of the Secret Service, it seemed appropriate to integrate it into the full agency.”

Now, it may be an opportune time to consider the proper – and most effective -- home for the Secret Service and how best to enhance its role in helping secure the financial sector and customers from cyber attacks. But the goals and demands of a national cybersecurity strategy might be better served by pursuing such a move in the context of broader steps at DHS, perhaps including the long-awaited, first-time reauthorization of that department.

Testimony in favor of a shift

Sens. Lindsey Graham (R-SC) and Dianne Feinstein (D-CA) this spring introduced a bill, S. 3636, to shift the Secret Service back to Treasury, a move championed over the past year by Treasury Secretary Steven Mnuchin. The shift was included in the fiscal 2021 budget proposal from the Trump administration, although there have been reports of interagency concerns over the impact of a shift on DHS.

According to the White House fiscal 2021 budget submission: “Technological advancements in recent decades, such as cryptocurrencies and the increasing interconnectedness of the international financial marketplace, have resulted in more complex criminal organizations and revealed stronger links between financial and electronic crimes and the financing of terrorists and rogue state actors. The Budget proposes legislation to return the U.S. Secret Service to Treasury to create new efficiencies in the investigation of these crimes and prepare the Nation to face the threats of tomorrow.”

The move was touted at a House Financial Services subcommittee hearing Tuesday by VMware’s Tom Kellermann and the National Security Institute’s Jamil Jaffer, who is also senior vice president at IronNet Cybersecurity.

Jaffer, a former congressional and White House aide, pointed in his testimony to recent comments in favor of the shift.

“At least one key former government official, Juan Zarate, who previously served as the first-ever Assistant Secretary of the Treasury for Terrorist Financing and Financial Crimes in the Bush Administration, and Tim Maurer, the head of the Cyber Policy Initiative at the Carnegie Endowment for International Peace, have recently argued in favor moving the U.S. Secret Service—which has long had a central role protecting the financial sector—back to the Treasury Department from the Department of Homeland Security,” Jaffer said. “Zarate and Maurer argue that such a move could ‘better align policy, regulatory, intelligence and enforcement attention on protecting the integrity and resilience of the American financial system.’”

Jaffer noted that “News reports have suggested that an internal feasibility study conducted by the Secret Service determined that ‘moving the Secret Service would help enhance collaboration in the Treasury and would put the Secret Service back on the map as a large law enforcement agency, though it could harm morale at [DHS]’ and could ‘open DHS up to additional reforms or reorganizations, perhaps even some involving the transfer or dismantling of other operating components, further weakening the department at a critical time in its development.’ While the impact on DHS is important to consider, the Committee should take the action most likely to result in better cybersecurity for the critically important financial sector.”

Jaffer also called for bolstering cyber info-sharing capacities at Treasury.

“The Treasury Department has long played a leading role in working directly with key financial institutions to understand and mitigate cyber risk,” he said. “The [House Financial Services] Committee ought consider providing Treasury with the opportunity to build on this highly important and effective work through the creation of a Financial Threats Cyber Operation Center (FT-CyOC) that would have access to real-time threat intelligence from the national security community, including DHS, FBI, NSA, and U.S. Cyber Command, as well as directly from the financial services industry with appropriate liability and other protections provided by the Cyber Information Sharing Act of 2015.”

Jaffer said, “Such a capability, if provided by the Committee, would allow Treasury to collaborate directly with the financial sector on active threats and to tip national security organizations to intelligence needs of industry as well as the behaviors of potential threat actors being seen across the industry. Likewise, such a capability would allow Treasury to leverage its position as an intelligence community member, through its Office of Intelligence and Analysis, to collect and share threat intelligence, in real-time, back to industry in an actionable form while still appropriately protecting intelligence sources and methods.”

He said, “Most importantly, the FT-CyOC ought serve not simply as an information sharing mechanism, but also should work directly with industry and government partners to enable them to take action against such threats as they happen. Placing this capability at Treasury would specifically allow the Department to take advantage of the trusted relationships it has already built with key industry players and organizations, including but not limited to the FS-ISAC and FSARC, as well as its already strong existing relationships with key cyber players in government, including across the national security community.”

Kellermann of VMware testified in favor of Graham-Feinstein as well, saying, “The Secret Service is best known primarily for protection; however, it also performs financial, counterfeit currency, and cybercrime investigations. The proposed realignment allows the Secret Service to reprioritize its investigative mission and was included in the President’s 2021 budget submission.” – Charlie Mitchell (cmitchell@iwpnews.com)