Deputy Secretary, US Department of Homeland Security
A Two-Way Flow of Information: Public-Private Partnership for Cyber Defense
April 22, 2014—The CyberWire interviewed Mr. Alejandro Mayorkas, Deputy Secretary of Homeland Security, who participated in SINET ITSEF 2014. Deputy Secretary Mayorkas described his Department's role in US cyber security, in particular its responsibility for security the .gov space, and how the Department has taken point on sharing information with the private sector.
The CyberWire: Thanks for speaking with us, Mr. Deputy Secretary. The Department of Homeland Security has been given an important leadership role in cyber security for the Federal Government as a whole. Could you give us an overview of that role?
Mayorkas: One of our critical missions is to secure the .gov space. We're also involved in sharing information with the private sector. This is a two-way flow of information, and the Department of Homeland Security has taken point.
The Department can and does provide unclassified information to the private sector. Entities in the private sector can individually report cyber information to us, and enlist our assistance in remediation.
Information sharing is extremely important. When individual entities inform us of a threat, the greater the volume of the information we receive, the greater the breadth of the information, the better perspective we gain across the board. Suppose we receive a report from a manufacturer. That's one data point. A report from a retailer is another. And a report from an energy company is a third. The more we learn, the better the picture we form of the macro threat environment.
The CyberWire: What can the Department do to help overcome barriers to cyber threat information sharing?
Mayorkas: I think companies should know that there's an overarching legal structure that provides a safe harbor for information we receive. The law does recognize that companies need to be able to share with us, and we with them.
The CyberWire: We often hear of shortages of qualified cyber labor. How is the Department addressing its cyber labor pipeline?
Mayorkas: We're involved in two efforts, one of them well advanced, the other nascent.
First, we're going out on a talent search. We want to bring the best cyber talent available into the Government. Back in February, for example, Secretary Johnson—with Deputy Under Secretary Schneck—visited Georgia Tech for roundtable discussions of cyber careers with engineering students. They talked about how challenging and fulfilling a career in public service can be, and that's the message we're taking to the country's young people. Recruiting cyber talent is a high priority for the Department.
Second—and this is the nascent initiative—we're in discussions with both the Department of Education and the private sector on how we can focus students, from kindergarten through university, on cyber as an emerging and growing discipline.
The CyberWire: Classically, American capital has been inexpensive relative to labor, and capital investments have often been made to redress labor shortages. Do you see any technical approaches to augmenting relatively scarce cyber engineering talent?
Mayorkas: We're not, and don't think we should be, focusing on technological advances to supplant labor. These are two parallel, important streams. We ask ourselves two questions. First, are we at the cutting edge in terms of the technology we buy? And, second, are we recruiting the best and brightest?
We're looking at both. And the Department has some able people in the Science and Technology Directorate taking the lead on technology.
The CyberWire: You came to your present post from service as Director of United States Citizenship and Immigration Services (USCIS). What lessons about cyber security did you take from USCIS?
Mayorkas: My immediate reaction is to say, "yes." When I was at USCIS, I was a cyber security customer of the Department of Homeland Security. We were a government agency looking to DHS for help protecting our .gov space. So I was in that space looking for guidance, for advice. Much of that was in terms of sound security policy.
The CyberWire: The Administration is currently working to reconcile privacy with security. Can you speak to your Department's role in this ongoing work?
Mayorkas: Yes. We have, of course, a Chief Privacy Officer, the very able Karen Neuman. We also have an Officer for Civil Rights and Civil Liberties, Megan Mack, another outstanding public servant.
Wherever DHS has its footprint, and there are privacy implications involving our mission, we're very aware of and careful of those implications. The Chief Privacy Officer and the Office of Civil Rights and Civil Liberties are equity holders from the onset in any activity that touches on privacy. We won't pursue security by sacrificing our basic values.
The CyberWire: ITSEF, of course, is a forum where entrepreneurs meet industry leaders and policy makers. What were you most interested in seeing at SINET ITSEF 2014?
Mayorkas: Before I delivered my formal remarks, I was able to sit down with a number of representatives from industry. It was very instructive to be reminded of how diverse industry is. The private sector isn't a monolithic entity. It includes large, well-established companies, new start-ups, small and medium businesses. Their perspectives can be quite different, and I found them very valuable.
It was particularly interesting to hear their views on common criteria. As you know, the United States has a voluntary regime of standards development. It was interesting to hear representatives of industry debate whether that should continue, or whether some standards should become more compulsory.
The CyberWire: What one message would you like entrepreneurs to take away from your keynote at ITSEF 2014?
Mayorkas: My basic message is the importance of collaboration between Government and the private sector. It's vital: the more information we share, the stronger our security becomes.
The CyberWire: Thank you, Deputy Secretary Mayorkas.