Recently, the Secretary of the Department of Homeland Security, Janet Napolitano spoke about the continuing need to work out how the Department of Homeland Security will interface with the Department of Defense in the cyber security realm.  The announcement of US Cyber Command under the command of LTG Keith Alexander (the Director of the National Security Agency), while bringing some resolution within DoD, has only added angst in DHS.  They see themselves slipping further behind DoD in cyber security abilities.

DHS still has the lead for the US Government in the cyber arena.  That responsibility is a hold over from the Bush Administration.  Many experts feel that since DHS could not gain sufficient traction in this area, they should have the duty removed, and given to someone else in the government.  Solutions mentioned have been giving it to DoD, DoJ, the Intel Community, a new department altogether, or putting it directly under the Executive Office of the President.  Napolitano, to her credit has not been sitting idly by until a decision is made.  Her attitude is “we have it until the President says otherwise, so we’ll keep working to fix it.”  This is the correct view, and if she can make progress, cyber security just might stay in DHS.

All that said, the ability of DoD to make big decisions and execute organizational shifts expeditiously gives them an “advantage”, even if they are not looking for one.  DoD realized it needed to have a locus of responsibility and operations within the military structure, and created it.  Since internal “debate” is generally streamlined by DoD’s culture and ethos, they tend to jump ahead of their civilian counterparts in these sorts of situations.  US Cyber Command will add to Defense’s massive capabilities, a structure that will make them the most mature cyber operation in government.

This does not mean that DoD should run the cyber programs for all of the Nation, or even for all the government.  Frankly, they should not be the lead.  They can and should make their enormous abilities available to DHS as a support, so that DHS does not have to try and recreate those capabilities.  That would be foolish and wasteful at a time when waste in government must be curtailed.  The two behemoths of the Executive Branch must devise a way to work together.

Napolitano has mentioned looking at a joint departmental center thru which the two can constructively interact and leverage their abilities.  This is a move in the right direction.  She has also noted that many citizens have worries about the military mucking about in the civilian networks of the country.  So, one of the biggest challenges is to set up a organization that has the policy and legal underpinnings that will allow for the legitimate use of DoD’s “power,” but in a manner that is completely controlled by the civilian authorities of DHS.  The Obama Administration is committed to protecting the privacy of the private citizens and the private sector, and this is a paramount issue for them in this debate.

The Secret Service is playing a lead role in the newest DHS efforts.  This is also a good step.  DHS is using one of its own law enforcement organizations (vice the FBI in DoJ), one with a history of tackling thorny and eclectic issues, to face this one.  At the same time, they realize that this cannot be addressed as a normal law enforcement threat.  It is too wide and pervasive, and covers too many organizations and entities.  There must be a wider response, and they are moving to develop one.

In the same way DoD coordinates with DHS, and provides assets and support for any number of situations (floods, wild fires, hurricanes, border issues, terrorist attacks), they should play a supporting role in cyber security.  This will not hinder DoD’s ability to protect the “.mil” domain, but will allow for the lessons learned in that more restricted area to be properly applied to the wider “.gov” and “.com” domains.  At the same time, the qualms of privacy advocates can be addressed coherently.

The exact structure thru which the coordination and support will flow remains to be developed (although most of us wish it would be soon), but the basic paradigm of DHS lead, DoD support, is the best option.  Our citizens do not want DoD (or the Intel Community) owning and running the security of the networks of the Nation, that should be done by civilian organization.  Like it or not, DHS is the best choice; but admittedly, they have a lot of growing to do.  Let’s stop debating, and get about the business of nurturing and fostering that growth. The Nation is depending on it.

“In this post, I erroneously refered to Secretary Janet Napolitano as the Secretary of the Department of Homeland Defense.  Her correct title is obviously Secretary of the Department of Homeland Security.  I regret my inattention to detail.  Steve Bucci”

Dr. Steven Bucci is director of the Allison Center for Foreign Policy Studies at The Heritage Foundation. He was previously a lead consultant to IBM on cyber security policy. Bucci’s military and government service make him a recognized expert in the interagency process and defense of U.S. interests, particularly with regard to critical infrastructure and what he calls the productive interplay of government and the private sector. Read More