Last week, President-elect Donald Trump formally nominated former commander of United States Southern Command Gen. John F. Kelly to serve as secretary of the Department of Homeland Security (DHS). In his announcement, he cited Gen. Kelly’s “decades of military service and deep commitment to fighting the threat of terrorism inside our borders.”
Gen. Kelly’s experience overseeing military operations in Central and South America should help the incoming president make good on his campaign promises about border security and immigration. Absent, though, has been substantive dialogue about DHS’s role in protecting the United States from cyber threats.
In an increasingly technological world, it is not only our physical borders that are permeable and vulnerable to unwanted intrusion by those wishing to do our nation harm or influence our institutions. The nation is constantly subject to cyber threats, and our cyber defense must rise to meet these advanced challenges. We know that the vulnerabilities we face are very real and the consequences of data breaches and cyberattacks from enemies foreign and domestic are wide ranging.
Look no further than the latest news about Russia’s alleged role in influencing the outcome of our presidential election. This intrusion came after the massive OPM breach that compromised as many as 21.5 million personal records. Both events made major headlines, but they are just the tip of the iceberg. Addressing these vulnerabilities and rethinking our cyber approach must be priorities as Gen. Kelly transitions into his role as DHS secretary.
As but one example, far too often we are too slow in response and far too limited in approach when a cyber threat arises. We must be faster, and that can only be done by streamlining the process. We need to eliminate silos between agencies in the U.S. government, enabling appropriate levels of incident response to instantly detect and respond to threats to government systems. At the same time, we can and should create the levels of big data collection and analysis necessary to become a proactive force in protecting government systems and infrastructure.
Only in doing so can we protect our political organizations, election systems and the vast amounts of information stored on government servers and communicated over government networks. These are only a few of the known vulnerabilities that DHS has a responsibility to address.
If done properly, any zero-day malware that might be used against the government would have less than a 12-minute dwell time and could be remediated immediately thereafter. The technology already exists to do this. But we are hampered by bureaucracies and a lack of integrated communication between agencies that keeps the dwell time far too high. This allows malware to continue damaging our networks and stealing our data, putting us at prolonged and ongoing risk.
Gen. Kelly has received much media attention for his role in the United States Southern Command, as well as his personal story as a Gold Star father, and for good reason. He has served our country admirably and we trust that he will continue to do so in his new role. He will undoubtedly play a major role in our immigration approach and border security protocols. But as he moves through the confirmation process, we hope that we do not lose sight of the need for progress in the cyber arena to secure our homeland.
DHS has broad jurisdiction and powers to protect our nation against determined and digitally sophisticated adversaries at home and around the world. As we move into the next administration, we must look to use the existing avenues wisely and create new opportunities to improve our cyber readiness. We have a tremendous opportunity to make cybersecurity a priority in the incoming administration and rethink the way we go about protecting ourselves from intrusion and responding to incidents.
We would be remiss not to take it.