The Department of Homeland Security is charged with supporting all of the designated “critical infrastructure” cybersecurity functions in the U.S., from financial services to electricity, nuclear and water facilities. The U.S. Secret Service investigates a significant portion of the country’s private-sector cyberthreats — with remit over all of those that involve financial fraud.
Both are facing abrupt leadership vacuums following the resignations of DHS Secretary Kirstjen Nielsen and Secret Service Director Randolph “Tex” Alles. The moves echo similar turmoil at the FBI, which has also seen the departure of several top cybersecurity leaders following the exit of former Director James Comey.
The departures could create greater weaknesses in the government’s ability to respond to cyberthreats, as agencies already faced with a shortfall of qualified candidates for entry- and mid-level cybersecurity jobs now will have to contend with significant top-level leadership shifts involving the same functions.
The departure also comes as the U.S. is trying to unite its private-sector and government security efforts into a more streamlined approach. The lynchpins for this effort are DHS, the Secret Service and the FBI.
Much of Nielsen’s tenure focused on DHS’ role as an emerging partner to local electoral offices, companies and other agencies throughout the U.S. It’s a tenuous public-private relationship that can’t exist, by design, between other government agencies, such as the National Security Agency or CIA, and U.S. corporations, nor with the cyber functions in branches of the armed forces.
Those agencies have access to threat data that is typically classified, making it difficult to share with the private sector. But DHS, alongside counterparts in the Secret Service and FBI, have been trying to set up a variety of programs to combat this disconnect.
It was a role for which Nielsen was especially well-suited. She has a background in both cybersecurity and private-sector risk, a rarity for a public official at that level of government, where having 10 years or more of cybersecurity experience almost always involves military service. She spent nearly seven years at the Center for Cyber and Homeland Security, a strategic think tank at D.C.’s George Washington University, and she previously worked on risk and resiliency initiatives at the World Economic Forum.
She presided over a DHS that made real progress in persuading state attorneys general to collaborate on sharing threat information on elections hacking.
She oversaw the launch of a renamed internal agency known as CISA, or the Cybersecurity and Infrastructure Security Agency. The agency is meant to assist in defending the computer networks of civilian organizations and will continue to be overseen by Christopher Krebs, who was appointed to head it in June 2018.
The need for defending civilian networks has been amplified in recent years given a wave of breaches, reconnaissance and espionage against private-sector companies by foreign nations. Marriott and Equifax are two examples. So are the attacks against corporate suppliers of technology and data for elections or of equipment and software to dams and energy companies.
While Alles didn’t have the security background that Nielsen did — his background was with Customs and Border Patrol — his tenure saw significant progress on cyber investigations in which the Secret Service played a key role. These included a crackdown on hacking of the Securities and Exchange Commission and financial-sector law firms by overseas inside-traders.
The U.S. government had a hard time attracting cybersecurity talent even before these issues, instead relying heavily on contractors as it competes with higher-paying private enterprises. The agencies’ prime advantage has traditionally been that they offered more stability. But with these leadership shifts and the extended shutdown earlier this year — which also disrupted the agencies’ college cybersecurity recruitment efforts — the agencies may face even more struggles in the marketplace for cyber talent.
