The Department of Homeland Security’s planned July 31 cybersecurity summit in New York City offers a chance for the agency to underscore its central role on cyber policy.
It could also give Secretary Kirstjen Nielsen a badly needed win in her strongest policy area, amid intense criticism of her role in controversial immigration efforts.
Nielsen has emerged as a vocal defender of President Trump’s policies at the U.S.-Mexico border, which has led some congressional Democrats to call for her resignation while others say she has permanently damaged bipartisan ties on Capitol Hill. The secretary had been sharply criticized by Trump for not being tough enough on the border.
The immigration uproar threatens to pump the brakes on legislation reauthorizing DHS for the first time in its history and clarifying its cyber authorities. It’s a scenario that Senate Homeland Security and Governmental Affairs Chairman Ron Johnson, R-Wis, desperately tried to avoid this spring.
“The other side is going to want to bring up the whole immigration debate, unlike in our committee, where committee members just decided how important authorizing DHS was, and so they laid aside any kind of controversial amendments, just to concentrate on the areas of agreement,” Johnson said this month.
“No question that by inserting herself so forcefully in the immigration debate, and angering pro-immigration advocates, she risks politicizing her broader agenda, including cyber,” an industry observer said. “It’s conceivable that she will be viewed as expendable if and when the administration is looking for another scalp.”
With those tensions mounting, private-sector sources said Nielsen is pushing hard for a high-profile July 31 cyber event. Some sources have said appearances by the president or vice president have been floated as a possibility.
But Nielsen’s first step inolves enlisting participation by high-profile executives from industries on the front lines of the cybersecurity battle.
Details have yet to be publicly announced and may be forthcoming this week. According to sources and information DHS has shared with industry-based “sector coordinating councils,” Nielsen will formally open the summit with a roundtable, where she will be joined by CEOs who lead companies from the communications, electricity, financial services, information technology and transportation industries.
“The roundtable hopes to further a substantive discussion on collective defense — how government and private sector stakeholders can best work together to manage systemic risk and protect critical national functions,” wrote a DHS official, in a note circulated to sector coordinating councils last week. “The roundtable conversation is intended to be free flowing and to engage all participants.
“Specifically, the Secretary hopes to facilitate conversation around: Cross-sector collaboration; Systemic risk management; The role of the government — how DHS can best serve our private sector partners,” the note says. “DHS asks that the Sector Coordinating Councils work within their existing structures to identify CEOs of current member companies that are available, willing, and eager to participate in this July 31st roundtable with Secretary Nielsen.”
Coming just over 14 months after Trump’s cyber executive order, the summit could be viewed as similar to gatherings sponsored by the Obama administration, for example, the release of the framework of cybersecurity standards in 2014, or a 2015 event at Stanford University to unveil an executive order on information sharing.
The latter event, one industry source said, was also put together on a short deadline perhaps resembling the process around this one in which DHS leadership has essentially created an eight-week window to pull off a major public-private undertaking.
“Having a Cabinet-level cybersecurity event at this stage is very appropriate and welcome,” Internet Security Alliance President Larry Clinton said. He noted that DHS and the administration, through Trump’s 2017 cyber executive order and a series of subsequent reports, are “developing a more sophisticated model to understand cybersecurity” through a risk-management lens, which he said is “very good.”
“These things have been put on the drawing board and deserve to be further developed and highlighted,” Clinton said, adding that “bringing in CEOs is good.”
But pulling off a successful event on a tight deadline — basically, DHS gave itself eight weeks from start to finish to pull this together — is especially important to Nielsen.
This all comes as DHS is trying to more forcefully assert its strategic role on cyber, a campaign bolstered by the Senate’s recent confirmation of Chris Krebs as DHS undersecretary for cyber.
At recent events, both Krebs and Assistant Secretary for the Office of Cybersecurity and Communications Jeanette Manfra described the department’s evolving role and a sharper definition of its cyber strategy.
On June 13, the morning after the Senate confirmed Krebs, the undersecretary underlined his point at a conference. “There is a nasty rumor in town that there is no cybersecurity leadership. [But] there is a plan … there is a strategy.”
The next day, Krebs said: “The priority I’m placing across the organization, is that we are going to operate based on a set of requirements identified by our stakeholders, period, full stop. Define a requirement that builds the demand signal, and I can align resources against it, because why else are we here except to respond to the requirement that comes from the critical infrastructure community?”
At an event, Manfra said, “Everyone is thinking about that individual risk. We need to understand national risk, and so the approach that we’re beginning to take is we’re thinking about the concept around what we’re calling national critical functions.”
ISA’s Clinton saluted DHS for more clearly defining its focus on risk management and prioritization, but other industry sources have said the recent release of reports mandated by Trump’s cyber executive order still don’t add up to a national strategy.
“All of this still needs to be drawn into a coherent policy,” said a financial sector source. “It comes down to implementation and there are still a lot of holes on implementation.”
At the same time, the source said the finance sector will participate in the cyber summit, which will come as good news to Nielsen.