DHS's Napolitano Resigns: The ImpactSecretary Leaving to Head University of California System
The resignation of Janet Napolitano as homeland security secretary could have an adverse impact on the nation's cybersecurity policy, at least temporarily, considering the posts of deputy secretary and deputy undersecretary for cybersecurity remain vacant.
See Also: 57 Tips to Secure Your Organization
"It is never good when leadership positions are vacant, as there is a loss of momentum for any initiatives under way," says Karen Evans, who served as de facto federal chief information officer in the George W. Bush White House.
Napolitano announced on July 12 that she is leaving as homeland security secretary to become chancellor of the University of California system. She plans to leave the department by early September, according to a letter she sent to staff.
Deputy Secretary Jane Holl Lute and Deputy Undersecretary for Cybersecurity Mark Weatherford resigned this spring [see DHS's Mark Weatherford Resigning]. Unlike the secretary and deputy secretary positions, Weatherford's former job does not require Senate confirmation. That means a candidate for that job could be named before Napolitano departs.
"They have candidates for all the positions and are very close to announcing selections," says James Lewis, senior fellow at the Center for Security and International Studies, a Washington think tank. "All the selections are good."
Meeting Milestones, Remaining Calm
Patricia Titus, the onetime chief information security officer at DHS's Transportation Security Administration, says the acting officials are performing excellently in their temporary roles. "The career employees have been meeting milestones, remaining calm and carrying on with the work at hand," Titus says. "Filling these key roles will be imperative, however, there certainly are still great people working hard."
Rand Beers, undersecretary for national protection and programs, is acting deputy secretary; Bruce McConnell, senior counselor for cybersecurity, is filling Weatherford's old job temporarily; and Bobby Stempfley, deputy assistant secretary, is the interm assistant secretary for cybersecurity and communications, replacing Michael Locatis, who resigned in January [see DHS Losing a Senior Cybersecurity Leader].
Jay Carney, the president's press secretary, says he has no names to float for a Napolitano replacement. "The president will be very deliberate about looking at potential successors for that very important position," he says.
During Napolitano's tenure, cybersecurity became a national priority and a core mission at DHS. Here's how Napolitano put it in her third annual address on the state of homeland security delivered in February:
"There's perhaps no better example of how DHS has evolved to address new and evolving threats than the issue of cybersecurity. The cyber realm wasn't even a major focus of the early department. Now, it is one of our five core mission areas."
Sen. Jay Rockefeller, the West Virginia Democrat who has cosponsored comprehensive cybersecurity legislation, worked closely with Napolitano, "particularly when few people were thinking about this issue. It took no time for her to understand the enormous consequences of inaction."
Cybersecurity should play a significant role during confirmation hearings for Napolitano's and Lute's successors. Questions from senators could focus on the role of government and DHS in protecting the mostly privately owned national critical infrastructure.
"However, I don't expect that any serious nominee will have trouble with these questions, in light of the conventional wisdom about the importance of the private sector leading the way," says Allan Friedman, research director of the Brookings Institution's Center for Technology Innovation.
Another line of questioning could focus on recent disclosures about National Security Agency programs collecting information on American citizens. "We can expect questions about how they will work with the defense and intelligence community, but I would be surprised if this became a serious political obstacle," Friedman says.
A Top Spokesperson
Since her confirmation as secretary in 2009, Napolitano had become one of the administration's top spokespersons on cybersecurity. That's especially true in testimony before Congress, where because of executive privilege, the White House's cybersecurity coordinator and other Obama advisers will not testify.
But being a face for administration cybersecurity policy doesn't mean the policy is where it should be. "The big problems at DHS are lack of authorities and lack of a clearly defined mission," CSIS's Lewis says.
Brookings' Friedman picks up on that theme, saying the absence of any clear strategic program in cybersecurity could be seen as a failure or a success.
"On one hand, there is no clear sign or accomplishment to demonstrate progress made in the last four years," Friedman says. "On the other hand, the failure of large initiatives was largely a failure of legislation, and DHS has been instrumental at coordinating numerous initiatives across the federal government. In retrospect, small improvements and programs might be seen as better than a failed comprehensive plan."
Larry Clinton, chief executive of the industry group Internet Security Alliance, points out that Napolitano endorsed the administration's earlier position that the government could regulate the cybersecurity of critical private businesses in certain instances, a position groups like his opposed and the White House eventually abandoned.
The administration's new position, reflected in President Obama's cybersecurity executive order and backed by Napolitano, would have the federal government, working with industry, develop cybersecurity best practices that critical infrastructure operators could voluntarily adopt, an initiative being carried out by the National Institute of Standards and Technology [see Man Behind the Cybersecurity Framework ].
"It may be a good thing to make the change now so a new person who is more committed to the new model can be brought on and help it through its current formative stage and remain in place as it is implemented," Clinton says.
Day-to-day activities are not likely to be adversely affected by the vacancies, but high-level relations could, says Evans, who now heads the U.S. Cyber Challenge. "There are good career staff in place who will continue the administration's priorities," she says. "B But you do need the leadership there in the meetings with the DoD and intelligence community to ensure the balance of all the agencies as well as private sector.".