DHS Secretary Seeks Help from Tech Sector to Fight Cyberthreat"The Government, God Knows, Can't Do It by Itself," John Kelly Says
John Kelly, in his first speech as the U.S. homeland security secretary, says the American government can't combat the cyberthreat without the active cooperation of the private sector.
See Also: A CISO's Guide to Communicating Risk
"The government, God knows, can't do it by itself," Kelly said in a question-and-answer session following his speech at George Washington University on April 18. "In fact, probably, [we] could do it less capably if it didn't employ ... couldn't do it as well if it didn't have these partnerships with the commercial realm that I think should get better and better and better and better. "
The DHS secretary said he recently met with the leaders of Microsoft at its Redmond, Wash., headquarters and "they're very, very interested in partnering as we are."
Kelly praised his boss, President Donald Trump, for reaching out to Silicon Valley to jointly develop policies to address the cyberthreat: "It's nonstop, relentless, and as I say, President Trump is taking that on, and is organizing, certainly, some internal commission kind of thing to look at it."
The retired 4-star Marine Corps general did not provide details on the internal commission. ISMG queried the White House and DHS media offices about the internal commission. The White House, in an email response, said it would let DHS clarify Kelly's remarks. As of the posting of this article, DHS had not yet replied.
In mid-December, about five weeks before his inauguration, Trump met with leading technology company CEOs, but that session focused on boosting the prospects of the high-tech industry and not how the sector could collaborate with the government to battle the cyberthreat, according to a transcript of the meeting. "I'm here to help you folks do well," the then-president-elect told the executives.
Awaiting Cybersecurity Executive Order
On the delayed issuance of a presidential executive order on cybersecurity, Kelly gave no hint when it might be issued. "I'm standing by with baited breath," he said.
At least three versions of the executive order have circulated. The latest version, revised in early March, would direct the federal government to take a risk-based approach to IT security and hold cabinet secretaries and agency heads responsible for the security of their organizations' IT assets (see Latest Executive Order Draft Promotes Risk-Based Approach).
DHS is the federal department charged with safeguarding the information systems of the government's civilian agencies as well as the nation's critical IT infrastructure. In the Q&A, interviewer Frank Cilluffo, director of GWU's Center for Cybersecurity and Homeland Security, asked how Kelly would prioritize DHS's defense of critical infrastructure. "If everything is critical, nothing is critical," Cilluffo said, noting that 17 sectors have been designated as critical. "When you start looking at limited resources, unlimited risk and a thinking enemy, where are you going to prioritize your resources?"
In responding, Kelly never addressed which critical sectors DHS would prioritize, but instead began to discuss the collaboration with the private sector. Later, the secretary said, "You can't protect everything."
Protecting Electoral System
Kelly briefly addressed the designation by his predecessor, Jeh Johnson, of America's mostly state-run electoral system as critical infrastructure. Some states have complained that the designation means the federal government seeks a takeover of the election process, which Johnson vehemently contested. Like Johnson, Kelly said the designation means that the federal government would merely offer states additional help to safeguard the electoral process.
"That's controversial; I've tried to explain to people why he did it, and what it really does mean. But, you know, it's another one of those, 'Hey, we're from the federal government; we're here to help.' Generally, when I say that, by the way, most people head for the doors and they should," Kelly said, with a slight smile and a smattering of chuckles emanating from the audience. "But, the reality is that we're from the federal government on this and we're here to partner."
According to a resolution from state officials seeking Kelly to rescind Johnson's designation, Kelly indicated at a Feb. 7 House hearing that he would uphold his predecessor's decision (see States: Rescind Electoral Critical Infrastructure Designation).
Kelly also said he's impressed with Congress' interest in cybersecurity, especially House Homeland Security Chairman Mike McCaul, R-Texas. "He and his staff (are) extremely knowledgeable, very engaged as is other aspects of Congress," Kelly said, suggesting the executive and legislative branches would cooperate on cybersecurity matters. "Eventually, with the way the president is going, it will be a whole of government and a whole of the private realm, as well."