In his first major policy address since becoming the nation’s fourth secretary of homeland security, Jeh Johnson outlined the Department of Homeland Security’s detailed legislative agenda for cybersecurity and pledged to build a stronger relationship with private sector owners and operators of the nation’s critical infrastructure.
“A cliché too often used is that we are in a time of transition,” Johnson said, speaking at the Woodrow Wilson International Center in Washington, D.C. “The Department of Homeland Security must always be in a time of transition. We must stay one step ahead of the next terror attack, the next cyber-attack and the next natural disaster.”
“The key to the government’s efforts is to build trust with the private sector and attract the best and the brightest from the private sector to come work for us,” Johnson said. Next week, Johnson said, he and the newly appointed deputy undersecretary for cybersecurity, Phyllis Schneck, are going on “a talent search” to Georgia Tech to recruit more cybersecurity workers.
But Johnson acknowledged DHS will need help from Congress to continue its progress in cybersecurity. He said the department’s basic legislative goals are to obtain new hiring and compensation authorities to recruit cybersecurity talent; modernizing the Federal Information Security Management Act to better reflect new technological realities; obtaining clarity and codification of DHS’ additional responsibilities to protect federal civilian networks from cyber-attacks; gaining legal clarity on DHS’ ability to provide cybersecurity assistance to private entities when requested; creation of a legal framework for cybersecurity information sharing between the private sector and the government; and the passage of enhanced criminal penalties for cyber-crimes.
“We could also support some form of limitation on potential civil liability for private sector entities, provided it is narrow and targeted in a way necessary to protect networks,” Johnson said.
But a major challenge for Johnson remains the lingering perception among private companies that DHS is not well managed, is too big and cannot be trusted to handle private data. Johnson said he is aware of these criticisms, but that the key to this dilemma is what he called “visible leadership” in cybersecurity.
“We have to be fairly transparent … so that we build trust,” Johnson said.
Johnson’s main remarks lasted only 30 minutes, during which he made only a minor reference to concerns about privacy and civil liberties.
“In the name of homeland security, we cannot sacrifice our values as a nation,” Johnson said. “We can build more walls, install more screening devices, ask more questions, expect more answers and make people suspicious of each other, but not at the cost of who we are as a nation of people who cherish privacy and freedom.”