Homeland Security Secretary John Kelly engaged in a clean-up operation last week on Capitol Hill over the bumpy rollout of a Trump administration cybersecurity executive order that, in draft form, raised extensive jurisdictional and policy concerns.
The executive order is expected to launch a far-reaching review of the security of federal computer networks, kick off a revised process for modernizing the government’s technology and set up a new process for protecting the private sector’s critical infrastructure. It also includes specific references to assessing vulnerabilities of the electric grid and the defense industrial base.
The retired Marine Corps general was before the House Homeland Security Committee on Feb. 7 to discuss border security, but cybersecurity was also on the panel leaders’ minds.
“I would hope this executive order coming down on cyber is done in coordination with this committee,” Homeland Security Chairman Michael McCaul, R-Texas, told Kelly.
McCaul noted two major reforms passed by Congress in recent years — one on DHS’ role in securing federal networks and another on cyber information sharing — and suggested he would be vigilant in ensuring the department’s position isn’t diminished.
“I’d hate to see any executive order come down that is inconsistent with current law,” McCaul said. “I think it would cause a lot of problems and a lot of consternation with the members who have worked so hard to get this done.”
An initial draft version of the order was leaked in late January, sparking concern among lawmakers who hadn’t been consulted about the document. Trump administration officials quickly walked back that version, and a substantially rewritten document made the rounds last week.
“There was a kind of a draft EO that had been leaked some time ago — a week or so ago,” Kelly told the homeland panel. “I can tell you that — that the EO that’s being contemplated is vastly different than that. I don’t know whose work that was, but it did send shivers to a lot, my own organization included. So we’re working with — we are working with the White House, we will work with the Congress, of course, to make sure that going forward that EO says the right thing and gets at the right problems.”
“We don’t want to relitigate old battles,” McCaul replied, a veiled reference to jurisdictional struggles between his committee and others over the cybersecurity authority of DHS and other agencies.
Overall, Kelly’s interactions with the committee were positive and he stressed his commitment to working with Congress, other agencies and the private sector.
“President Trump has ordered a complete top-to-bottom relook on cyber,” Kelly testified. “That will include all stakeholders, and hopefully we’re going to bring in — and have been I think, successfully in bringing in the private community.”
The effort to push out the executive order kept cyber policy in a state of suspended animation for several weeks as stakeholders awaited word on the White House’s priorities.
The early-session congressional hearings on cybersecurity that have been a mainstay in recent years appeared to be on hold, although the Senate Armed Services Committee held a closed hearing on cyber threats last week and the House Science Committee will hold a hearing on U.S. cyber capabilities on Feb. 14.
The executive order will also kick off a review of both government and private-sector cybersecurity that could help frame the issue — and possible policy options — in much the same way that a 2009 review by former White House adviser Melissa Hathaway did for then-President Barack Obama.
Hathaway, who worked in the George W. Bush White House and was kept on to help orient the Obama administration’s efforts, spelled out the basics of an approach that would undergird Obama’s first major speech on cybersecurity in May 2009.
It is unclear if this executive order and review have a similar impact on the direction of policy.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers, and author of “Hacked: The Inside Story of America’s Struggle to Secure Cyberspace,” published by Rowman and Littlefield.
