Headlines portray President-elect Trump’s choice to run the Department of Homeland Security — retired Marine Gen. John Kelly — as a “border hawk,” not so much a cybersecurity hawk or even a prominent player on that issue.
The general is a bit of an unknown quantity to many within the cyber policy community. That’s troubling to some, as DHS and its congressional overseers spent much of President Obama’s two terms positioning the department as the key civilian agency on cybersecurity.
Will cybersecurity now become a second-tier issue at the department, far behind border security?
Kelly, the recently departed leader of U.S. Southern Command, likely was selected on the strength of his perceived abilities to help secure the southern border against illegal immigration.
However, while Kelly’s military experience and familiarity with Latin America may have first brought him to Trump’s attention, he has also shown an understanding of the dangers lurking in cyberspace and some of the nuances of cyber policy.
Cybersecurity is “a threat without borders, it’s instantaneous,” Kelly said in a 2013 speech at the University of South Florida.
“There are scenarios that are just scary, scary, scary in terms of what could happen,” USF News quoted the general as saying. “Whether they turn off the air traffic control system in the United States — on any given hour of the day, there are 10,000 airplanes in flight in the United States and it’s possible every one of them could become uncontrollable.”
Beyond that, he said, “Financial companies could be wiped out. We have already seen trillions of dollars of proprietary research and development as well as production information stolen.”
The USF News also noted, “In one light-hearted moment answering a student’s question on cybersecurity and how to protect against it while also protecting citizens’ privacy, Kelly quipped on the Tampa socialite caught up in an email scandal between former CIA Director David Petraeus and his biographer: ‘Isn’t Jill Kelley from around here?'”
But the general also hit on one of the central policy issues in cyber circles: the potential for conflict between civil liberties and security. “No one wants anyone to read our personal emails or our letters to our loved ones or friends, or people we shouldn’t be writing emails to,” Kelly said.
DHS was tasked under the Cybersecurity Act of 2015 with ensuring that personal information is not included when government and industry share cyberthreat information as part of efforts to block or mitigate attacks.
Kelly’s sensitivity to that topic may appeal to civil liberties champions of both parties in the Senate, which will have to confirm his nomination early next year.
In picking Kelly, Trump passed over two other candidates with much longer cybersecurity resumes.
One was Frances Townsend, a homeland security and cybersecurity adviser to President George W. Bush.
Another was House Homeland Security Committee Chairman Michael McCaul, R-Texas, who interviewed for the job and has been instrumental in developing legislation to identify and formalize DHS’ cybersecurity role.
McCaul, in a speech delivered to the Heritage Foundation around the same time that Kelly’s selection leaked out, said one of his top priorities in the coming year will be to complete a reorganization that creates a cybersecurity agency within DHS, and to shore up the department’s legal authority to be the lead player on the issue.
The Texas Republican had hoped to pass such legislation in the lame-duck session, but that effort ran out of time.
McCaul will return to that issue — and also mount a strenuous campaign to clear up his own panel’s role as the prime committee of jurisdiction over DHS – in what is likely to be his final two years as homeland commmittee chairman.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers, and author of “Hacked: The Inside Story of America’s Struggle to Secure Cyberspace,” published by Rowman and Littlefield.
