U.S. Secretary of Homeland Security Jeh Johnson has embodied the international consensus-building approach favored by the Obama administration. In moving the Department of Homeland Security (DHS) toward a more cohesive cybersecurity strategy, his decisions have not gone without controversy.
However, the reality of his tenure has been more complex than partisan agendas would imply. Appointed as DHS Secretary in December 2013, Johnson has been at the forefront of the Obama administration's international cybersecurity negotiations and agreements. He was closely involved in the discussions that eventually led to a September 2015 agreement between the U.S. and China to avoid engaging in corporate espionage for commercial gain.
Johnson began laying out priorities for that agreement by raising concerns during early meetings with his Beijing counterpart in April 2015.The discussions could have easily been derailed after the Office of Personnel Management (OPM) breach was discovered.
The pact was initially derided as unlikely to affect any material change and as simply “setting the pieces on the board.” The critiques were multifold.
The decision to focus the agreement solely on cybertheft of intellectual property was a controversial/contrarian strategy, fraught with political obstacles, especially so soon after the breach of the OPM.
And yet, cybersecurity professionals will readily concede that corporate espionage is the most vital issue facing the industry. “Business espionage is at the frontline of cyber conflict today," Elad Yoran, CEO of Security Growth Partners (SGP) and executive chairman of KoolSpan, told SC Media. "And it is often taking place directly or indirectly by nation-states.”
Initial claims that the treaty may have resulted in a decline in threats originating from China were openly ridiculed and, considering the circumstances of those claims, rightfully so. (FireEye had missed its projected quarterly earnings last November, prompting the company's then-CEO Dave DeWalt to claim that the U.S.-China agreement was partially to blame for a “reduction in the threat landscape.”)
But critics may have harbored outsized expectations. Some pros wondered how quickly China might dismantle its sprawling intelligence-gathering operations. This may have been precisely the point. The agreement was not expected to transform the landscape overnight, or should not have been. Just as governments seldom move quickly in responding to rapidly evolving threats, loosely organized intelligence-gathering organizations do not immediately reverse course, or pivot to new targets, as appears to have been the case for China's intelligence groups.
Over the past year, reports of a decrease in surveillance activities began to emerge. In February, Kaspersky Labs noted that attacks by Chinese APT groups targeting Russia increased by 300 percent within a two-month period soon after the U.S.-China cyberespionage treaty. John Carlin, assistant attorney general at the Justice Department's national security division, reported a slowdown in cyberattacks from China in June, though he cautioned that the decrease may be temporary. Proofpoint reported an increase in Chinese cyberespionage attacks targeting Russia and neighboring countries in July.
In the meantime, Johnson's staff grew increasingly active in a series of agreements to coordinate with other countries on cybersecurity or cybercrime challenges. DHS representatives were involved in a flurry of discussions with South Korea, Cuba, Israel, Japan, and other countries.
The diplomatic approach has been noted by security researchers. Kaspersky projected that cyber agreements will play an increasingly urgent role as nations attempt to make alliances to gain access to resources. For a brief period, earlier this year, it even appeared as if renewed collaboration between the U.S. and Russia on cybersecurity priorities was possible. U.S. and Russian officials were expected to meet in April to explore cybersecurity issues.
It appears that these discussions with Russia were not as fruitful as was hoped. When the Russian cybersecurity threat continued to escalate, raising concerns that Russia might take its interference with the U.S. election process to the next level by exploiting weaknesses in voting machines, Johnson stepped in to initiate a dialogue with state leaders.
He offered federal resources to assist state leaders improve security of voting machines through vulnerability scans and cybersecurity risk management. Not all state leaders were receptive to the offer. A small group of states refused assistance, and after his call with state election officials, the National Association of Secretaries of State (NASS) penned a letter to Congress that warned against eroding public confidence in the electoral process.
Still, Secretary Johnson continues to march onward, attempting to improve U.S. security through cybersecurity initiatives. In late November, at a time when many officials in a lame-duck administration would be eyeing their next career move, Secretary Johnson was hard at work attempting to increase awareness of cyberattacks. “The most devastating attacks by the most sophisticated attackers almost always begin with the simple act of spear-phishing,” he said during comments at the Financial Crimes and Cybersecurity Symposium.