Ex-DHS officials urge department to double down on its cybersecurity work

The Department of Homeland Security has been the face of some of the Trump administration’s most fiercely criticized policies, from aggressively rounding up migrants to detaining protesters.

A new bipartisan report from former DHS officials suggests the department cut ties with some of the “most partisan” aspects of its work, and redouble its efforts to protect the country from cyberthreats and infectious diseases.

“For the defense of American democracy to succeed, the secretary of homeland security and DHS generally will need to be, to the greatest extent possible, ‘above politics,’” states the report, which the Atlantic Council released Thursday.

The report’s authors — Caitlin Durkovich, a former assistant DHS secretary under President Barack Obama, and Thomas Warrick, who was a DHS counterterrorism official until June 2019 — propose giving some controversial elements of DHS’s portfolio, such as setting the number of immigrant visas, to the White House or another part of the federal government.

The report comes as some private-sector analysts wonder whether the DHS crackdown on protesters in Portland will hinder collaboration between DHS’s Cybersecurity and Infrastructure Security Agency and the white-hat hacking community. Employees at CISA — which works on election security, among other issues — have been keen to differentiate their work from the more incendiary parts of DHS.

Neil Jenkins, a former DHS official in the Obama administration, said CISA had done “an admirable job of staying apolitical in the current environment.” But he worried about the effect that DHS’s other agencies could have on the public’s perception of CISA.

“The less trust the public has in DHS as a whole, the less impact CISA will have,” said Jenkins, now chief analytic officer at the Cyber Threat Alliance, an industry information-sharing group. “Those other agencies in DHS are forcing CISA to work twice as hard to stay above the fray and show the community that they can continue to be trusted. CISA can’t let the security gains its made be undermined by politics.”

CISA officials say their close work with the private sector continues, regardless of the political environment. In recent months, the agency has published multiple guides intended to help companies mitigate cyber risk.

More money never hurts

Whether under another term of President Donald Trump or a new Joe Biden administration, the Atlantic Council report urges CISA to ask Congress for significantly more money and resources to carry out its mission.

DHS, which was cobbled together from 22 different agencies in the aftermath of the September 11, 2001, terrorist attacks, commanded a budget of more than $73 billion in fiscal 2020 and a workforce of 240,000. CISA accounted for about $2 billion of that money, and at least 2,100 of those people, according to budget documents.

But Durkovich and Warrick said more resources are needed. They called on lawmakers to establish a “cyber resilience fund” — akin to one used for natural disasters — that CISA could use to help fortify key sectors against persistent hacking.  “Nothing undermines an adversary’s cyber offensive strategy better than a recovery that happens in hours rather than days,” the report states.

Durkovich and Warrick also suggested CISA make an “emergency supplemental request” to Congress in the first half of 2021 so it can beef up protections for the November 2022 elections. They did not say how much money is needed.

More broadly, the former DHS officials want CISA to continue to assert itself as the lead agency in helping critical infrastructure fend off foreign hacking threats.

“There needs to be clarity—in the White House Situation Room, on Main Street, in Silicon Valley, in the U.S. Congress, and among DHS’s own employees—on which cabinet department leads the defense of the nation against the non-kinetic campaigns now being waged by nation-states determined to undermine U.S. power,” Durkovich and Warrick wrote.

TwitterFacebookLinkedInRedditGmail