The Department of Homeland Security has been positioned in recent years as the lead civilian agency on cybersecurity, and keeping it in that spot is a top priority for its congressional overseers.
So members of the Senate Homeland Security and Governmental Affairs Committee were most eager to hear retired Gen. John Kelly, the nominee to serve as DHS secretary, hit the right notes on the department’s cyber role at his Jan. 10 confirmation hearing.
It appears the former Southern Command leader came through with flying colors.
Cybersecurity wasn’t Kelly’s specialty as a fighting Marine. But much like outgoing DHS Secretary Jeh Johnson at his own confirmation hearing in 2013, Kelly showed an appreciation for the cyber issues of paramount concern to lawmakers including Senate Homeland Security Chairman Ron Johnson, R-Wis., Ranking Member Sen. Claire McCaskill, D-Mo., and Sen. Tom Carper, D-Del.
Kelly spoke positively about reorganizing DHS’s cybersecurity functions into a cyber agency that would formalize the department’s position at the pinnacle of the federal government’s cyber efforts.
The Senate and House homeland security panels, for both operational and jurisdictional reasons, want to ensure DHS has final say over securing civilian government networks and in coordinating on cybersecurity with the private sector.
House Homeland Security Committee Chairman Michael McCaul, R-Tex., says a bill to accomplish just that will be his first priority in the 115th Congress.
Kelly also talked about “outreach” and collaboration, not regulatory coercion, with the private sector, and cited work initiated by outgoing Defense Secretary Ash Carter as a model.
“I also know that … three or four or five years ago, we talked about the United States would not have a peer competitor in cyber for 20 years or 25 years,” Kelly said. “Now, we know that we have some pretty darn close to peer competitors.”
With that in mind, Kelly said “I was watching something that Secretary Ash Carter started when he first took over at the Defense Department. He started to reach out to the commercial world — Silicon Valley — that kind of thing to engage them as opposed to perhaps, or at least to get, you know, get a report card on how we are doing within the federal government to develop.”
Beyond report cards, which could fit in with the 90-day cybersecurity review of federal computer systems promised by President-elect Trump, Kelly said “there’s unbelievable … talent out there in the civilian sector and I think at this point in time, everyone realizes that it’s in everyone’s interest. Whether it’s personal security or corporate security, certainly U.S. security, everyone realizes I think that working together makes an awful lot of sense. ”
Kelly also highlighted the need to keep privacy concerns front and center as the department fulfills its cyber functions. A prime reason for giving DHS the lead civilian role on cybersecurity was so it could provide a uniform approach to protecting privacy and civil liberties.
“There are clearly privacy issues and those kinds of things … [the law] would always have to be followed, but I think just more cooperation amongst the private sector and in the federal sector, the state sector,” Kelly said.
The early days of the new Congress have brought hints of cybersecurity jurisdictional disputes on Capitol Hill, and questions about who will be running the cyber portfolio in the Trump administration.
Amid this policy uncertainty, a retired Marine Corps general may be just what DHS needs to meet the upcoming challenges.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers, and author of “Hacked: The Inside Story of America’s Struggle to Secure Cyberspace,” published by Rowman and Littlefield.
