If confirmed, DHS nominee to continue with cybersecurity initiatives

Jeh Johnson intends to generally stick to Obama administration's cybersecurity initiatives

If confirmed, Jeh Johnson, the former high-ranking Pentagon official nominated Friday to head the Department of Homeland Security, is not expected to bring much change to the Obama administration's cybersecurity initiatives.

[DHS secretary Napolitano's exit leaves leadership vacuum]

President Barack Obama chose Johnson in part because of his managerial experience as general counsel of the Department of Defense, where he managed 10,000 military and civilian lawyers all over the world with a staff of 100. Johnson will need Senate confirmation to start his new job.

The ability to manage a sprawling bureaucracy is certainly a requirement for DHS secretary. The agency, formed in the wake of the 9/11 terrorist attack in New York, has 10s of thousands of employees and comprises more than a dozen agencies, from the Secret Service and Immigration and Customs Enforcement (ICE) to the Federal Emergency Management Agency.

"Jeh (pronounced "Jay") Johnson brings considerable DOD experience to this job," Stewart Baker, former assistant secretary for policy at DHS, told CSOonline.

"Since the organizational challenges at DHS are exceeded only by the challenges of running DOD, Johnson's on-the-job training at DOD will serve him well."

Johnson's high-profile accomplishments as chief lawyer for the Pentagon during the first term of the Obama administration included his legal authority over all drone strikes and his advocacy for allowing gays to serve openly in the military.

Because the administration has already set cybersecurity policy, Johnson is expected to leave the execution to others.

"He'll certainly appreciate the importance of cybersecurity as an issue, but I think it's too soon to say that he'll take a different approach," Baker said.

"DHS's challenges there are much more about execution than about policy, so I wouldn't expect a great change."

Obama issued an executive order in February that put into play those cybersecurity initiatives that do not need congressional approval. Key elements of the order included a Cybersecurity Framework for setting standards to mitigate risks and having government agencies share cyberattack information with the private sector.

Regulations that would make private sector participation mandatory would have to come from Congress, which is considering several proposals. The DHS plays an important role in advising lawmakers on the administration's positions.

[DHS, FBI warn over TDoS attacks on emergency centers]

Like his predecessor Janet Napolitano, Johnson is expected to make national cybersecurity a top priority at DHS. Napolitano resigned in September to lead the University of California system.

"Cyber will be among one of his top agenda items, no doubt," James Forest, director of the Graduate Program in Security Studies at the University of Massachusetts, Lowell, said.

"Since he's reportedly smart and politically savvy, I would bet he'll surround himself with a bunch of very smart people to tackle these issues."

Critics denounce Johnson for his role in the Obama administration's use of drones in the nation's war on terrorism. As Pentagon general counsel, Johnson said the attacks were legal because the terrorists killed were legitimate targets in a military conflict.

Johnson has said that a time will come when enough Al Qaeda leaders are killed or captured to neutralize the terrorist organization.

"That is delusional because the drone strikes are manufacturing terrorists faster than it is killing them," Peter Ludlow, a professor at Northwestern University who has written extensively on national security issues, said.

Republicans have already gone on the offensive against Johnson, saying he lacks the experience to oversee the three immigration services under the DHS, which include the two enforcement agencies, ICE and Customs and Border Protection, and Citizenship and Immigration Services.

[Plans to centralize cybersecurity with DHS seen as step forward]

"After this administration's mismanagement of DHS, in particular its failure to secure the border, Texans expect a nominee with serious management and law enforcement experience," Sen. John Cornyn, the second-ranking Republican in the Senate, told The Washington Times.

"Rather than selecting someone who knows the unique dynamics of our Southern border, President Obama has tapped one of his former New York fundraisers. We need someone who knows how to secure the border, not dial for dollars."

Johnson was a top fundraiser for Obama's 2008 presidential campaign.

Tags: security, U.S. Department of Homeland Security, government

Vulnerabilities in some Netgear router and NAS products open door to remote attacks

READ THIS ARTICLE
MORE IN Malware / Cybercrime
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Deep Security - Enterprise Virtualization Security

Advanced protection for physical, virtual and cloud servers

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.