Cybersecurity Collaboration Would Be on DHS Agenda
Jeh Johnson has cleared a major hurdle on his way to becoming the next Homeland Security secretary and a chief advocate for the Obama administration’s cybersecurity agenda. The Senate Homeland Security and Governmental Affairs Committee on Nov. 20 approved his nomination on a voice vote.
Though Johnson’s confirmation seems all but certain, it’s unclear when the full Senate will vote on it. That’s because Sen. Lindsey Graham, R-S.C., is threatening to block all nominations until Congress can interview American personnel who were in Benghazi, Libya, on Sept. 11, 2012, when terrorists killed three U.S. diplomats.
Still, Johnson received bipartisan support from committee members, as evidenced by the endorsement of Sen. Tom Coburn, the Oklahoma Republican who is the panel’s ranking member. “I have strong concerns about this department – it’s one of the most dysfunctional departments in government – and I think we’re going to have a good leader that’s going to straighten that out,” Coburn says.
Coburn says he sees the Senate panel and Johnson conducting a “friendly collaboration” on homeland security matters. “We, obviously, don’t share the same views on every area of the homeland security, but I found him an open and honest broker that really wants to solve problems.”
One challenge Johnson and the panel likely will collaborate on is reforming the 11-year-old Federal Information Security Management Act, the law that governs federal government IT security. FISMA reform, as well as other legislation to strengthen the government’s role in securing the nation’s critical IT infrastructure, protecting citizens’ online privacy and promoting cyberthreat information sharing between government and business, have stalled in the past half-decade in the Senate despite growing pressures to address these matters (see Cybersecurity Legislation: What’s Next?).
Johnson, at his confirmation hearing on Nov. 13, promised to fill the large number of senior management vacancies – including cybersecurity positions – as a top priority as DHS secretary (see Johnson Pledges InfoSec Fixes). A Government Accountability Office report in September revealed that one in five mission-critical cybersecurity-related jobs at a key DHS unit were vacant (see DHS’s Huge Cybersecurity Skills Shortage).
If confirmed, Johnson would become the fourth Homeland Security secretary, succeeding Janet Napolitano, who resigned Sept. 6 to become president of the University of California system (see DHS’s Napolitano Resigns: The Impact). Rand Beers is DHS’s acting secretary.
Because of the importance of cybersecurity to homeland security, the DHS secretary becomes one of the administration’s top representatives on securing the government’s and the nation’s IT infrastructure. That role includes testifying before Congress.
Getting DHS House in Order
President Obama has amplified DHS’s responsibilities to oversee implementation of IT security initiatives at non-military, non-intelligence executive branch agencies. He has also designated DHS to serve as a major cybersecurity point of contact with the private sector, including critical infrastructure operators. At his confirmation hearing, Johnson pledged to fix internal cybersecurity problems at DHS before seeking further authority to have the department help other federal civilian agencies in getting their IT security houses in order.
Like Napolitano, Johnson will come to the job without extensive cybersecurity background. Obama picked Napolitano in 2009, in part, because of her involvement with border security as governor of Arizona, a border state. Still, she served as one of the administration’s top cybersecurity advocates, appearing before Congress, hosting cybersecurity sessions at DHS and speaking at cybersecurity events, including the RSA security conference.
Johnson, known as a strong administrator, also will come to the job with limited cybersecurity experience, though he served as the Defense Department’s general counsel when DHS and DoD negotiated a joint approach to defend America’s government, military and domestic IT infrastructure (see DHS, DoD to Tackle Jointly Cyber Defense). He stepped down from that DoD postion last year to return to a private law practice.
Follow Eric Chabrow on Twitter: @GovInfoSecurity