The possible imminent departure of Homeland Security Secretary Kirstjen Nielsen -- a likelihood, according to major news outlets -- would come as DHS manages a number of top-priority cybersecurity partnerships with industry as well as a potentially delicate relationship on cyber with the Pentagon, and as lawmakers may consider DHS legislation in the current lame-duck session.
If Nielsen is ousted over her handling of immigration issues -- the long-running source of President Trump's frustration with the secretary -- and replaced by either a temporary fill-in or a nominee focused on border-control issues, cyber policy could find itself falling on the department's priority list.
Cyber is Nielsen's policy strong suit and she orchestrated what was seen as a successful “cybersecurity summit” in New York City this summer. She has embraced a risk-management approach to cyber that has strong support in the business community and empowered key deputies like Christopher Krebs and Jeanette Manfra to aggressively pursue collaboration with the private sector.
About this feature:
'The Editor Reports' is a new feature from Inside Cybersecurity intended to identify themes emerging from our news coverage and pose questions about the direction of evolving cybersecurity policies. Email comments to email@example.com.
“I agree that Nielsen’s replacement will probably focus on immigration and borders, so there could be some downgrade [on cyber],” said James Lewis of the Center for Strategic and international Studies.
“Industry will still prefer to work with DHS, though,” Lewis commented, when asked about a growing role for the Department of Defense, which has already been tasked by the president with expanding its efforts to protect critical infrastructure.
An industry source who works frequently with DHS said Nielsen's departure would take a toll on the multiple partnerships being run out of her department, “but it's hard to know how significant a toll. It could be anything from a wrecking ball to a mild hiccup.”
The source doubted that a leadership change -- DHS would be getting its fourth secretary, including an acting secretary, during Trump's first two years -- would make industry less willing to work with the department on cyber.
“We have a strong interest in keeping DHS at the center of critical infrastructure risk management and presumably the key [senior cyber officials] would remain,” the source said. “I actually think she has done some important stuff at DHS and has put competent people in charge.”
There's never a slow time for cyber policy, at DHS or throughout government and the private sector.
But reports of the president's impending move to replace Nielsen come as the secretary is expected on Friday to formally announce what DHS is calling the “formation and chartering of the nation’s first Information and Communications Technology (ICT) Supply Chain Risk Management Task Force, a public-private partnership to examine and develop consensus recommendations to identify and manage risk to the global ICT supply chain."
She's scheduled to make the announcement in person at a U.S. Chamber of Commerce event.
Nielsen just announced that use of the global positioning system, or GPS, will be one of the first “systemic risks” to be addressed by DHS' new National Risk Management Center -- an entity that she unveiled at the New York City summit.
DHS and the National Institute of Standards and Technology are expected any day now to put out a “roadmap” to guide the government's efforts to combat botnets, under a Trump executive order.
DHS is also expected to play a lead role in the administration's “moonshot” effort.
And, DHS is anxious to see Congress give final approval during the lame-duck session to legislation creating a Cybersecurity and Infrastructure Security Agency at the department.
There's a full stack of cyber must-dos at DHS, and the department currently has a secretary who is engaged and experienced on the issue.
It's up to the president to set priorities for his administration, obviously, including perhaps emphasizing border issues over cybersecurity in the DHS secretary's portfolio. A Nielsen firing or forced resignation seems certain to affect cyber policy, but will it be a hiccup, or a more ominous setback to the work that numerous DHS officials have been doing in recent years? -- Charlie Mitchell, editor, Inside Cybersecurity