This report first appeared on CyberScoop.
By picking retired Marine Gen. John Kelly as secretary of Homeland Security, President-elect Donald Trump has amplified concerns about DHS’s role in defending the nation in cyberspace under his administration.
With the department’s new leaders expected to focus heavily on border and immigration security — and the incoming administration seemingly determined to unleash the capabilities of the military and the NSA in cyberspace — many insiders fret that cybersecurity will take a back seat at DHS.
In formally naming Kelly on Monday, Trump called him “the right person to spearhead the urgent mission of stopping illegal immigration and securing our borders, streamlining [the Transportation Security Administration] and improving coordination between our intelligence and law enforcement agencies.”
Trump lauded his “decades of military service and deep commitment to fighting the threat of terrorism inside our borders,” and the statement mentions his leadership of interagency drug and human trafficking interdiction efforts on the southern border.
There is no mention of DHS’s congressionally mandated role as the lead civilian agency responsible for U.S. cybersecurity.
This may not be an oversight.
“This administration will take border security very seriously indeed,” said Texas GOP Rep Michael McCaul, chairman of the House Homeland Security Committee, “That will be the first priority right out of the gate.”
But former officials say it will come at the expense of the department’s other priorities — including especially cybersecurity. And, privately, people involved with the Trump transition say there is talk that the new administration should “unleash” the military and the intelligence community in cyberspace.
Hawkish conservatives, like onetime Trump transition figure former Rep. Mike Rogers, have warned that the U.S. is “not putting its best players on the field” in cybersecurity because of restrictions on the NSA’s role in cyber-incident response.
The Trump transition press office did not respond to requests for comment.
Connections vs. priorities
One former senior Bush administration DHS official told CyberScoop that Kelly should “aggressively fight to be a leader on cyber,” in the new Cabinet. “DHS needs to build relevant programs that have value to its private-sector partners,” said James Norton, now president of his own consultancy Play-Action Strategies.
Kelly’s background could “immediately help to build bridges with the DOD and intelligence community agencies that are more organized and better funded when it comes to cybersecurity,” added Norton.
The problem, pointed out another former senior DHS official, is that Kelly will face pressure to prioritize immigration and border enforcement above all else.
John Cohen, who held several posts in the department during the Obama administration, added: “DHS is not the department of border and immigration security, it has a very broad mission set” stretching from countering home grown terrorism to improving disaster response and resilience, ensuring the security of the nation’s ports and waterways and, of course, cybersecurity.
“His challenge,” he said of Kelly, “will be serving as a champion and supporter of all of those diverse missions while dealing with [that] pressure from the White House.”
For instance, it takes six to nine months to recruit, select, background check, hire and train a new agent for U.S. Immigration and Customs Enforcement — the agency responsible for tracking down and deporting illegal immigrants.
“If the new administration wants to make a difference on day one, the only way to do that is to reassign ICE agents currently working other missions” like counter-proliferation, counter terrorism, and cybercrime.
“Cybersecurity is at or near the top of the list in terms of our priorities” at DHS, Secretary Jeh Johnson said when asked last week about the issue.
He warned the new administration against losing focus on the issue, “DHS is positioned to be the federal civilian agency that deals with cybersecurity … it needs to be a top priority on a bipartisan basis.”
Cohen is skeptical about a greater role for the military and the NSA in cybersecurity, pointing out that the debate over their role long predates DHS.
“This whole discussion has been going on since the 1980s,” he said, pointing out it has repeatedly been resolved in favor of civilian agencies.
If the new administration is “interested in shifting those responsibilities, they will face the same resistance,” he said, “Private-sector folks are very resistant to turning the security of civilian networks over to NSA.”
“You can’t militarize cyber,” said former Rep. Jane Harman, who was the senior-most Democrat on the House Intelligence Committee for many years. She said a civilian agency was needed to protect the private sector.