On Tuesday, Secretary of the Department of Homeland Security Kirstjen Nielsen said that “Cyberattacks collectively now exceed the danger of physical attacks … this has forced us to rethink homeland security.” She’s right, and the president, who has downplayed election interference and other cyberthreats, must show more leadership.
Nielsen’s remarks come as DHS announced the National Risk Management Center, which specifically targets cyberattacks on American infrastructure. NRMC is supposed to connect the government and the private sector to better address and prevent breaches of cybersecurity. The center is also meant to be the first point of contact with the government should a company experience a breach.
This is undoubtedly a step in the right direction, as increased threats from cyberattacks on both government functions and private companies require coordination to safeguard critical infrastructure.
Speaking at the same summit, Vice President Mike Pence reinforce Nielsen’s concerns on cybersecurity. He affirmed the conclusion of the U.S. intelligence community that Moscow was responsible for attacks during the 2016 election and that the U.S. needed to take additional steps to increase security. Specifically, he told the audience, “It concerns us some states still don’t have plans to update their voting systems.”
As the 2018 midterm elections loom, election infrastructure in the U.S. is susceptible to a range of attacks — from disinformation campaigns on social media (such as that uncovered yesterday by Facebook) to hacks of voting machines.
Although it is reassuring that the government, or at least Nielsen and Pence, seem to be taking the issue seriously, Trump needs to show leadership on cybersecurity.
So far, though, Trump has spoken little about cybersecurity, contradicted U.S. intelligence reports on interference, and allowed key positions to coordinate cyberdefense to be cut.
In May 2018, his administration cut the White House cybersecurity coordinator position. In July 2017, the State Department, under the direction of then-Secretary Rex Tillerson, had also eliminated its top cyber diplomat position. Trump has also repeatedly pushed back on assertions of Russian interference in the election and only acknowledged meddling from Moscow in the wake of his disastrous Helsinki performance.
Those actions do not show leadership or reassure anyone that the White House is worried about the threat of cyberattacks.
Instead, Trump should take a firm line against cyberattacks and those who perpetrate them as Nielsen and Pence did at the cybersecurity summit. He should also ensure that there is there are effective deterrence strategies, clear channels for coordination among agencies and the public and private sector, move quickly to identify vulnerabilities in election infrastructure and establish clear repercussions for those found interfering.
Nielsen is right that cyberattacks must be taken seriously as threats to national security. That warning, and a clear response, must not only come from DHS but also from President Trump.
