Trump Shakeup Impacts Cybersecurity PolicyHeads of DHS, Secret Service Depart Amidst Leadership Shuffle
The exits of the Department of Homeland Security secretary and the Secret Service director are prompting discussion about the continuity of U.S. cybersecurity policy because the agencies play a key role in securing infrastructure and investigating financial cybercrime.
See Also: CISO Stress: Life Inside the Perimeter
DHS Secretary Kirstjen Nielsen tendered her resignation to President Donald Trump on Sunday following ongoing tension over immigration controls. Her tenure was marked by controversy, notably over the agency's separation of migrants from their children.
The New York Times reports that Nielsen and Trump clashed over the president's idea to close entry ports to stop a rising number of migrants seeking asylum. Nielsen resigned after the 30-minute meeting on Trump's request, the publication reports.
DHS does not have a deputy secretary. Trump tweeted that Kevin McAleenan, the commissioner of Customs and Border Protection, would be appointed to succeed Nielsen. But the Times reports that by law, Claire Grady, who is the DHS's acting deputy secretary, would be next in line to be acting secretary.
....I am pleased to announce that Kevin McAleenan, the current U.S. Customs and Border Protection Commissioner, will become Acting Secretary for @DHSgov. I have confidence that Kevin will do a great job!— Donald J. Trump (@realDonaldTrump) April 7, 2019
Along with Nielsen, Trump also has replaced U.S. Secret Service Director Randolph Alles; his successor will be career Secret Service member James M. Murray. The Secret Service plays a role in cybersecurity, particularly its Electronic Crimes Task Forces. Those branches investigate international cybercriminal activity targeting the financial sector, data breaches and other computer crimes.
The leadership shake-up comes as experts warn of an unending wave of hacking activity targeting U.S. companies and expected efforts by other countries to influence the 2020 presidential election. It also comes as the U.S. has undertaken a campaign to strengthen security for critical infrastructure, such as power plants, waste treatment facilities and dams.
Strong Teams Still In Place
Although leadership is important, agencies such as the DHS are the sum of their parts, says William A. Carter, deputy director and fellow at the Technology Policy Program at the Center for Strategic and International Studies.
The DHS still has many qualified staffers, Carter says, including Christopher C. Krebs, who is director of Cybersecurity and Infrastructure Security Agency, and Jeanette Manfra, who is CISA's assistant director for cybersecurity (see: Congress Approves New DHS Cybersecurity Agency).
"It is unfortunate to lose yet another extremely talented cyber expert from this administration," Carter says. "It will be hard to find someone with a similarly strong cyber background to replace her. That said, DHS still has a very strong cyber team who can hopefully keep things moving in a positive direction, and who I hope will have the president's full support."
Tom Kellerman, chief cybersecurity officee for the vendor Carbon Black, offers a similar perspective.
"Nielsen was a champion of cybersecurity," Kellerman says. "This is why she chose Chris Krebs to own the cyber portfolio at DHS. As long as Chris and Jenny Manfra remain in their positions, DHS will continue to proactively civilize American cyberspace."
Still, continuity is often important to extending long-term momentum, particularly for complicated areas such as cybersecurity. That requires strong leadership from someone with a background in cybersecurity, writes Christopher Painter, a former federal prosecutor and coordinator for cyber issues with the U.S. State Department, on Twitter.
Without that, despite good people doing the work there, cyber risks being sidelined as a real priority & that risk is exacerbated by the elimination of the WH Cyber Coordinator. https://t.co/f8r3Y7Gh55— Chris Painter (@C_Painter) April 8, 2019
"Without that, despite good people doing the work there, cyber risks being sidelined as a real priority and that risk is exacerbated by the elimination of the WH [White House] Cyber Coordinator," Painter writes.
In May 2018, the White House eliminated the position of cybersecurity coordinator with the National Security Council, a position that had been held by Rob Joyce, who has now returned to the NSA. The move came at a time of increasing cyber activity by Iran, Russia and China (see: White House Axes Top Cybersecurity Job).
Nielsen: Cyber Successes
Nielsen's resignation letter notes what she says were successes "in transforming DHS to keep pace with our enemies and adversaries - whether it is in cyberspace or against emerging threats from new technologies."
"We have prevented the disruption of U.S. elections and guarded against foreign influence in our democracy," she writes. "We have replaced complacency with consequences in cyberspace, we are holding digital intruders accountable and we are stepping up our protection of American networks."
Nielsen, who became DHS secretary in December 2017, had a background in advising on threats to critical infrastructure. An attorney by trade, she founded Sunesis Consulting LLC, which focused on developing plans and policies for protecting critical infrastructure.
Nielsen also served in President George W. Bush's administration as special assistant to the president for prevention, preparedness and response on the White House Homeland Security Council. The position included developing policies for homeland security.
Her appointment by Trump came at a critical time. The U.S. was still reeling from the conclusion by 17 intelligence and security agencies that Russian President Vladimir Putin personally ordered an interference and hacking campaign designed to sway the 2016 presidential election to President Donald Trump.
As a result, DHS focused its efforts on helping the states secure their election infrastructure, including voter registration rolls, sharing intelligence on threats and helping manufacturers of voting machines (see: Secure 2018 US Elections: It's Too Late).