Communications Litigation Today was a Warren News publication.
‘Serious’ Cyberattack Likely

Napolitano’s DHS Successor Will Influence Agency’s Course on Cybersecurity, Experts Say

Outgoing Secretary of Homeland Security Janet Napolitano said Tuesday that her successor will need to continue tackling cybersecurity issues, because the U.S. “will, at some point, face a major cyber event that will have a serious effect on our lives, our economy, and the everyday functioning of our society.” Although the Department of Homeland Security has “built systems, protections and a framework to identify attacks and intrusions, share information with the private sector and across government, and develop plans and capabilities to mitigate the damage, more must be done, and quickly,” Napolitano said in a speech at the National Press Club. Napolitano is resigning in late September to become president of the University of California system (CD July 15 p4). President Barack Obama has not yet named his nominee to take over permanently for Napolitano. Experts told us that whoever replaces Napolitano will set the course for the agency’s involvement in cybersecurity issues.

Senate Homeland Security Chairman Tom Carper, D-Del., is “eager to move forward with the nomination process once a nominee is named, but we don’t have a date scheduled at this time,” a committee aide told us. If the Senate doesn’t confirm a nominee by the time Napolitano officially leaves, acting Deputy Secretary Rand Beers would take over as acting secretary. Beers has experience in counterintelligence and counterterrorism, “so it wouldn’t be hard for him to pick up the cyber portfolio,” said James Lewis, director of the Center for Strategic and International Studies’ Technology and Public Policy Program.

The White House has not officially named any of the contenders to replace Napolitano, though media reports have offered up a long list of possible candidates. The White House did not comment. Lewis told us industry insiders have mentioned former New York City Police Commissioner Ray Kelly and former Senate Homeland Security Committee Chairman Joseph Lieberman, I-Conn., as possible contenders. Other candidates being mentioned include Beers and former Deputy Secretary Jane Holl Lute. Lieberman and Lute “already have a strong background in cybersecurity, they're people who are known to have expertise on those issues,” Lewis said.

Napolitano’s replacement “doesn’t have to be a cybersecurity guru,” said Chad Sweet, CEO and a co-founder with a former DHS secretary, Michael Chertoff, of the Chertoff Group. “The secretary’s role requires managing risk across a number of vectors,” Sweet said. “But it does need to be someone who appreciates the severity of cybersecurity risk.” The big question is whether “the next secretary will continue to share the sense of urgency that this threat poses to the U.S.,” he said.

Cybersecurity has always been a difficult issue for DHS, because it is “a law enforcement agency by culture,” Lewis said. The next DHS secretary will need to decide whether the agency will “go with the flow and de-emphasize cybersecurity and give law enforcement a higher level of attention, or do they try to expand and re-energize the cyber portfolio,” he said. “There are people at DHS who would like to do that, but what matters is whether the secretary is on board for that."

Some at DHS see an opportunity to increase the agency’s role in cybersecurity, because of the fallout from the leaks on controversial National Security Agency surveillance of domestic communications, said Lewis. “To take advantage of that opportunity, they're going to have to show people that they're going to increase their ability to actually do something in cybersecurity.” The extent to which DHS is able to aid industry adoption of the forthcoming Cybersecurity Framework, being co-developed by the National Institute of Standards and Technology, “will be important for determining how successful they're going to be in the future,” he said.