TRENDING:

Senate Panel OK's Johnson to Lead DHS

Cybersecurity Collaboration Would Be on His Agenda Eric Chabrow (GovInfoSecurity) • November 20, 2013    
Senate Panel OK's Johnson to Lead DHS
Jeh Johnson

Jeh Johnson has cleared a major hurdle on his way to becoming the next Homeland Security secretary and a chief advocate for the Obama administration's cybersecurity agenda. The Senate Homeland Security and Governmental Affairs Committee on Nov. 20 approved his nomination on a voice vote.

See Also: Small Business. Large security risks.

Though Johnson's confirmation seems all but certain, it's unclear when the full Senate will vote on it. That's because Sen. Lindsey Graham, R-S.C., is threatening to block all nominations until Congress can interview American personnel who were in Benghazi, Libya, on Sept. 11, 2012, when terrorists killed three U.S. diplomats.

Still, Johnson received bipartisan support from committee members, as evidenced by the endorsement of Sen. Tom Coburn, the Oklahoma Republican who is the panel's ranking member. "I have strong concerns about this department - it's one of the most dysfunctional departments in government - and I think we're going to have a good leader that's going to straighten that out," Coburn says.

Coburn says he sees the Senate panel and Johnson conducting a "friendly collaboration" on homeland security matters. "We, obviously, don't share the same views on every area of the homeland security, but I found him an open and honest broker that really wants to solve problems."

FISMA Reform

One challenge Johnson and the panel likely will collaborate on is reforming the 11-year-old Federal Information Security Management Act, the law that governs federal government IT security. FISMA reform, as well as other legislation to strengthen the government's role in securing the nation's critical IT infrastructure, protecting citizens' online privacy and promoting cyberthreat information sharing between government and business, have stalled in the past half-decade in the Senate despite growing pressures to address these matters (see Cybersecurity Legislation: What's Next?).

Johnson, at his confirmation hearing on Nov. 13, promised to fill the large number of senior management vacancies - including cybersecurity positions - as a top priority as DHS secretary (see Johnson Pledges InfoSec Fixes). A Government Accountability Office report in September revealed that one in five mission-critical cybersecurity-related jobs at a key DHS unit were vacant (see DHS's Huge Cybersecurity Skills Shortage).

If confirmed, Johnson would become the fourth Homeland Security secretary, succeeding Janet Napolitano, who resigned Sept. 6 to become president of the University of California system (see DHS's Napolitano Resigns: The Impact). Rand Beers is DHS's acting secretary.

Because of the importance of cybersecurity to homeland security, the DHS secretary becomes one of the administration's top representatives on securing the government's and the nation's IT infrastructure. That role includes testifying before Congress.

Getting DHS House in Order

President Obama has amplified DHS's responsibilities to oversee implementation of IT security initiatives at non-military, non-intelligence executive branch agencies. He has also designated DHS to serve as a major cybersecurity point of contact with the private sector, including critical infrastructure operators. At his confirmation hearing, Johnson pledged to fix internal cybersecurity problems at DHS before seeking further authority to have the department help other federal civilian agencies in getting their IT security houses in order.

Like Napolitano, Johnson will come to the job without extensive cybersecurity background. Obama picked Napolitano in 2009, in part, because of her involvement with border security as governor of Arizona, a border state. Still, she served as one of the administration's top cybersecurity advocates, appearing before Congress, hosting cybersecurity sessions at DHS and speaking at cybersecurity events, including the RSA security conference.

Johnson, known as a strong administrator, also will come to the job with limited cybersecurity experience, though he served as the Defense Department's general counsel when DHS and DoD negotiated a joint approach to defend America's government, military and domestic IT infrastructure (see DHS, DoD to Tackle Jointly Cyber Defense). He stepped down from that DoD postion last year to return to a private law practice.

Previous
Stratfor Hacker's Sentence: An Analysis
Next
Shaming China to Stop Hacks Doesn't Work

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.