Cybersecurity Depends on Agency Communication

(Illustration: Shutterstock)

Federal leaders emphasized the importance of cybersecurity and partnerships with the private sector at the Aspen Security Forum on July 22.

Secretary of Homeland Security John Kelly said he agrees with the decision of former DHS Secretary Jeh Johnson that made election systems critical infrastructure and told the states that DHS would offer help if they wanted it.

DHS Secretary John Kelly. (Photo: DHS)

“All of the input I get from all of the states are we don’t want you involved in our election process,” Kelly said. “It’s a state responsibility. …We’re not going to take it over.”

Kelly said that DHS “should be” the designated agency in charge of defensive cyber activities. However, there are several agencies within the Federal government, including the Department of Defense, the FBI, and the National Security Agency, that have their own cybersecurity roles, which makes it important for the agencies to communicate with each other.

“The other thing we can do Federally is watch these attacks,” Kelly said. “The name of the game is coordination within the government.”

When the Federal government was monitoring the WannaCry attack, Kelly said that although all of the defense agencies were in the room offering advice, the DHS team was central to the debate.

Kelly plans to visit Silicon Valley to meet with technology executives from companies including Facebook to discuss the implications that cyberattacks and extremist propaganda can have on social media and other popular websites.

“They already do a lot. The partnership is strong. They’re responsible, responsive. So I’m going there first and foremost to say thanks…and then to talk to them as a group about what we can do together to do more. The threat is morphing,” Kelly said. “This is not just about Islamic extremism. This is about neo-Nazis, white supremacists, any group that could–that are–actively trying to recruit young people to get them radicalized.”


What are the early grades on the new administration’s response to the growing cyber threat? How can collaborative tactics and integrated intelligence tools strengthen a proactive cyber defense? Join us at the sixth annual Cyber Security Brainstorm on Sept. 20 at the Newseum to discuss the cyber strategies and opportunities that can keep our Federal government one step ahead at all times. Click here to learn more and register.


 

Kelly said that DHS is working on purchasing new computer tomography technology that can detect explosive devices on laptops and other large electronic devices. The push to obtain this type of technology came after DHS banned passengers from carrying these electronics on overseas flights from specific airports. The backlash from airlines and passengers sparked the need for better detection methods. Kelly said that passengers were still allowed to take laptops in their checked bags because the specific explosive device that DHS was targeting had “no possibility of remote detonation.”

NSA Director Adm. Mike Rogers said that the rate of change in the technology and communications capabilities of the Unites States’ adversaries is the fastest that it has ever been in Rogers’ 31 years in the Federal government. Rogers is also talking to technology companies in Silicon Valley about discouraging extremist language online and how to better cooperate with one another.

“I go out there because I am personally interested in talking to the leadership within the tech sector about given the many challenges we have, encryption is just one of those challenges,” Rogers said. “Given the many challenges we have, both in terms of our desire to generate more knowledge and insight from a foreign intelligence perspective but also our desire to increase the level of cybersecurity for our nation, and the security of the devices and the information that we all use, and in those areas, for example the latter area, we are having great conversations.”

Rogers said that the intelligence community, private companies, and civilians should discuss what the policy should be surrounding encryption.

“Given what we can do, what should we do?” Rogers said. “They are not necessarily the same thing.”

Technology companies could build back doors into encryption or build strong encryption that either allows or blocks the intelligence community’s access to data. Rogers said that the intelligence community shouldn’t be the ones making the decisions about how powerful encryption capabilities should be because the users should decide what level of privacy versus protection they’re comfortable with.

When President Donald Trump met with Russian President Vladimir Putin earlier this month, he exited the meeting and tweeted about ideas to form a joint Cybersecurity Unit between the United States and Russia. After receiving backlash from Republican lawmakers, Trump dialed back this idea, tweeting that he didn’t think it could happen.

“I would argue now is probably not the best time to be doing this,” Rogers said of building a cybersecurity working group with Russia. “On the other hand, perhaps this is something that you could hold out that we might want to build to over time to see changes in behavior.”

Recent