DHS Secretary On Cybersecurity: Public, Private Sectors Need To Work Together

If both the private sector and the public sector want to get a leg up on security, they will have to start working together, Department of Homeland Security Secretary Jeh Johnson said in a keynote address Tuesday at the 2015 RSA Conference in San Francisco.

"My message to you today is this: Government does not have all the answers, nor do we have all the talent by any means," Johnson said. "Cybersecurity must be a partnership between us in government and those in the private sector. There are things government can do for you, and there are things government needs you to do for us, frankly."

The statement was echoed throughout keynotes and presentations at the conference Tuesday by both government peers and security experts. Michael Daniel, special assistant to the U.S. president and the administration's cybersecurity coordinator, said as he was accepting an RSA award for Excellence in the Field of Public Policy that the industry is at an "inflection point" when it comes to security. While Daniel outlined significant steps from the White House and other governmental departments to fight back against cybersecurity threats, including summits and executive orders, he said partnerships will prove key going forward.

[Related: RSA President: We're At A Security Inflection Point, But Not On A Path To Win]

"I think we are very much at a strategic inflection point. For arguably 40 years, the cyberspace and the Internet [have] been a strategic asset for the United States. If we don't begin to solve some of the vexing cybersecurity challenges that we face, we risk it becoming a strategic liability," Daniel said.

"I look forward to continuing to work with all of you to build the partnerships with industry and internationally with our friends and allies to tackle this challenge, because none of us can do it alone. It's only through partnership that we can really tackle this challenge going forward."

Bruce Schneier, renowned security expert and chief technology officer of Cambridge, Mass.-based Resilient Systems, said in a breakout session presentation, in response to a question from the audience, that he supports more government sharing. In particular, he said, there should be more government sharing down to the private sector and researchers.

"The government is struggling with this. ... I think we need a lot more information sharing around threats, between government and corporations and with researchers. Lack of information sharing is hurting us. ... In general, information sharing is really important," Schneier said. "The more we can make that work, the better we are."

For its part, Johnson said in his keynote, the DHS is ramping up investments to its National Cybersecurity and Communications Integrations Center, which serves as an integration point for threat intelligence among various federal departments, law enforcement and the intelligence community. Last year, the group received 97,000 cyberthreat reports and sent out 12,000 cyberalerts and warnings, Johnson said. He said he is personally working to move NCCIC to an "even higher and better level" and that the group has started sharing indicators with an initial set of private sector companies with the goal to add more. Johnson said both President Obama and Congress have stepped up with legislation to further establish NCCIC as the primary portal for cyberthreat indicator sharing with the private sector.

In addition to NCCIC, Johnson highlighted recent executive orders form President Obama around information sharing, best practices, the creation of a cyberthreat intelligence operations center and authorizing the Department of the Treasury to impose financial sanctions on malicious cybercriminals.

"Cybersecurity is a major priority for my boss, President Obama. It is a major priority for the administration. It is a top priority for the Department of Homeland Security," Johnson said. "I'm enthusiastic and proud of the direction our department is heading for cyber security," he continued.

Going forward, Johnson provided three recommendations to improve how businesses and the government work together. First, he said, even the most sophisticated of parties are "only as strong as our weakest link," which means if the two were to be more closely aligned, they will need to step up best practices at all levels. Second, he said, he is committed to rooting out "turf battles" between federal departments that hurt information sharing. Finally, he warned against increasing encryption methods that make it more difficult for the government to root out criminal activity.

PUBLISHED APRIL 21, 2015