On April 21, 2015, Department of Homeland Security (“DHS”) Secretary Jeh Johnson spoke at the annual RSA Conference 2015. In his remarks, Johnson explained that, while the DHS was established primarily to focus on counter-terrorism, cybersecurity has emerged over time as an equal priority when it comes to national defense. Johnson called for greater partnership between government and the private sector to address cybersecurity threats. Johnson went to on to note that the development of greater data encryption poses significant challenges for law enforcement.
Johnson highlighted the priority placed by the Federal government – including the President, his administration, and the DHS – on cybersecurity issues. Central to the cybersecurity efforts of the DHS is the National Cybersecurity and Communications Integration Center (“NCCIC”), which Johnson described as serving as the government’s “central interface with the private sector in responding to and mitigating cyber threats.” In 2014, Johnson said that the NCCIC received over 97,000 cyber incident reports from the private and government sectors and issued nearly 12,000 cyber alerts and warnings. According to Johnson, the NCCIC is striving to provide near real-time automated information sharing to the private sector and recently deployed the capability to automate publication of cyber threat indicators to select companies and government agencies. He stated that later this year, the NCCIC hopes to begin to accept cyber threat indicators from the private sector in automated near real-time format.
Johnson’s remarks also addressed the limits of the government’s ability to investigate and prosecute cybersecurity incidents. According to Secretary Johnson: “Government does not have all the answers or all the talent. Cybersecurity must be a partnership between government and the private sector. We need each other, and we must work together.” Johnson identified increasing levels of data encryption as a significant roadblock to the government as it seeks to detect and prosecute criminal, and specifically, terrorist activity. He commented that “[o]ur inability to access encrypted information poses public safety challenges” and that the impact of strong encryption is, on the whole, detrimental to the government’s national security efforts. Johnson highlighted the complicated balance between privacy concerns faced by individuals and companies on the one hand, and the need for data access in order to thwart terrorism and prosecute cybercrimes on the other: “[h]omeland security itself is a balance – a balance between the basic, physical security of the American people and the liberties and freedoms we cherish as Americans.” On the topic of stronger encryption, at least one commentator has recently recognized that Johnson’s comments are more conciliatory than others in the Obama administration who have recently come out strongly against data encryption (particularly Attorney General Eric Holder and FBI Director James Comey).