Kirstjen Nielsen, President Donald Trump’s nominee for Homeland Security Secretary, said during her confirmation hearing Wednesday that securing the nation’s computer networks against hackers, spies and online crooks was one of the key missions of the sprawling federal department.
Lawmakers with the Senate Homeland Security and Governmental Affairs Committee mostly agreed with that sentiment.
Then everyone proceeded to largely ignore the subject for the rest of the hearing.
Wednesday was instead dominated by the political lightning rods of border security, immigration enforcement and even climate change. There were questions about Nielsen’s relative lack of senior-level leadership experience, but cybersecurity — one of the increasingly rare topics on which there is actually bipartisan agreement in Congress — took a back seat.
The hearing yielded some dribs and drabs of cyber, however, which we’ve chronicled below.
From elections to the energy grid
A key cybersecurity topic focused on electronic voting machines and other online election systems — starting with the nominee’s declaration that the department’s responsibility for cybersecurity was the most vital of its many functions.
“Each aspect of the department’s mission is important and as has been mentioned, there are many,” Nielsen said in her opening statement. “I believe one of the most significant for our nation’s future is cybersecurity — And the overall security and resilience of our nation’s critical infrastructure.”
When he asked about data breaches, Nielsen told Sen. Steve Daines, R-Mont., that the department had to be more proactive in its approach to protecting critical infrastructure.
“The threat has changed … data breaches continue to this day as you know but what is perhaps more damaging is the ability of those who wish to do us harm over the internet to change the integrity of that information or … make it not available,” she said, urging a new focus on the “the integrity of information” and the need to have systems with redundancy and resilience “built in.”
Moreover, the department needed to begin reassessing an approach based on different sectors of critical industry, she said. “The next step, the next evolution, is to look across sectors, across regions to look at those critical assets and those critical pieces of information we need to ensure are protected.”
Sen. Kamala Harris, D-Calif., hammered Nielsen for the amount of time she said it had taken the department to start reaching out to state election directors about voting cybersecurity issues — especially after U.S. intelligence agencies declared that Russian spies had been meddling in last year’s presidential election.
“What is the timeline, the deadline for establishing and implementing a DHS policy (on helping states to protect elections from foreign hacking)?” Harris asked.
“I would absolutely very soon upon confirmation ensure we have reached out to all of them,” replied Nielsen.
Harris was joined by her New Hampshire colleague, Sen. Maggie Hassan, who accused the department of only beginning to reach out to state election officials “within the last few weeks.”
.”My concern is whether in fact election security is actually a priority of this president,” Hassan quipped.
“It must be,” replied Nielsen.
Hassan urged Nielsen to come to lawmakers to “ask for additional funding, to ask for additional resources,” she might need, “to ensure that when people go to the polls [in 2018] … they can be sure” that the elections systems recording their votes were secure.
Sen. James Lankford, R-Okla., stressed the need for “an auditable election” — one with a paper trail that could be checked in the event of any doubts or hacking reports.
Nielsen responded that when she voted in Virginia this week, “I was quite concerned about the scanning machine and started asking a whole variety of questions what the security was on the scanning machine for the ballots.”
“Redundancy is very important,” she told Lankford, “whether that’s paper ballots [or some other method] … we need to ensure the integrity of the electoral system.”
Asked by Sen. Tom Carper, D-Del., about the need to reorganize the National Protection and Programs Directorate, she explained that her first priority would be changing the name.
“It truly does confuse stakeholders [and] it eliminates some of the morale benefits of having a clear mission,” she said. She went on to explain that “cyber is an operational mission” like other critical infrastructure protection functions. DHS leaders had to “find the best way to balance those who should be [here] at HQ … with those in the field working with the owners and operators of critical infrastructure the private sector and of course our state, local tribal and territorial partners.”
Carper was also one of a handful of senators to ask about the 45-year old Nielsen’s leadership experience.
“I enjoyed meeting with you,” he told her, “I think you’re smart, I think you’re well spoken. I worry a lot about your leadership and your experience as a leader, your lack of experience.”
Carper said that with 23 years in the U.S. Navy and eight years as governor of Delaware, “The idea of me taking over an agency with 240,000 employees all over the world and leading them would be very daunting to me.”
She added that her experience leading much smaller organizations would serve her well. “I think many of the leadership skills that have brought me to this point are scalable,” she said, adding, “I believe in accountability … but I also believe that we need to acknowledge successes.”
Sen. Heidi Heitkamp, D-N.D., also expressed some skepticism about Nielsen’s nomination, given her background and her role as DHS chief of staff earlier this year in the disastrous initial roll-out of the Trump administration’s muslim travel ban.
“You come from roles that have been supportive,” said Hietkamp, “‘Deputy chief of staff,’ ‘Chief of staff’ kinds of roles. You’re in a new role with this job. And that means you have to represent the Constitution, you have to fulfill your constitutional obligations and you have to be accountable to this committee.”
The committee’s ranking Democrat, Missouri’s Claire McCaskill, had highlighted the experience issue in her opening statement, following concern expressed by former officials to CyberScoop earlier this week.
“Perhaps most importantly I want to learn about the management experience and philosophy that Ms. Nielsen plans to bring to DHS,” McCaskill said, calling her “very knowledgeable” and possessed of “a depth of understanding of the policy issues facing the department.”
“But,” she added, “the secretary must also have leadership, management and communication skills to lead a complex and sprawling enterprise from day one … judgement, management experience and philosophy” would be the important things Nielsen brought to bear, McCaskill said, because the “day to day operations of the department” would be handled by the people she will surround herself with.