Election security, the migration of people toward the U.S.’ southern border and the public-private critical intersection of cyber security are just a few of the pressing issues facing the Department of Homeland Security.
DHS Secretary Kirsten Nielsen expressed confidence going into the mid-term election, calling it “the most secure election we’ve ever had”. At the same time, she’s dealing with the highly controversial issue of people moving toward the U.S.’ southern border and has the ongoing task of encouraging more private sector cooperation when it comes to cyber defense that impacts the nation as a whole. None of these issues are new to DHS. In fact, with many of them, we’ve been here, or somewhere similar, before.
The Cipher Brief’s Todd Rosenblum talked with former DHS Secretary Jeh Johnson as part of The Homeland’s series of interviews with former Secretaries on what DHS has learned from past experiences.
The Cipher Brief: Let’s begin with the military border deployment. How meaningful will it be from a security standpoint?
Johnson: It is clear that the military being deployed to the southern border are constrained by the law against the Posse Comitatus Act, enacted in 1878, which means that they can only serve in a support role, and it's unclear to me what support role they will play on the southern border. The president's order has sort of a superficial flavor to it. It seems that the number that is being bandied about 10, 15,000, is more important and significant for public consumption than what they're actually going to be doing.
The Cipher Brief: What more can be done to help deter and dissuade people from making the trek northward?
Johnson: I recall getting advice from my Republican predecessor, Mike Chertoff, that I never forgot, which is that illegal migration is a market-sensitive phenomenon. It reacts to information in the marketplace about perceived changes in enforcement policy.
We did essentially, three things during the 2014 crisis of unaccompanied children and families coming to the border. One, we highlighted the dangers of the journey from Central America to the United States, through Mexico, in all sorts of different ways. Including a personal visit by me to Guatemala, where I stood side-by-side with the president to basically say, "Don't come to our country. Please stay in your country." The first lady of Guatemala launched her own campaign to do that, and we did the same in messaging throughout Central America, and in Mexico.
Number two, we prevailed upon the Mexican government to beef up border security on their southern border, which was at considerable budget cost to them. They were able to sustain that for at least a year, probably a little more than that.
Number three, we expanded family detention, which is the opposite of separating families. That was controversial without a doubt. We had to expand that capability and we did. I made a big deal about that publicly. That seemed to have, in addition to the other things, some effect on the migration flow.
Two lessons learned from all of this: You can do things to change enforcement policy, put out messages about the changes in enforcement policy that will send a shock into the system that will cause a downturn in illegal migration. But it will only be short term, so long as the underlying conditions that caused the push persist. So as long as the poverty and violence in Central America persist, the numbers will always revert to their normal trends. Lesson two is, so long as the conditions persist, we're going to continue to deal with this problem.
The Cipher Brief: What are potential solutions to the migration flow and response operations?
Johnson: Solutions include more immigration judges on our end. There's a modest increase, but we need far more to move cases along faster. We need to be investing in the three Central American countries most effected to address the poverty, violence, and corruption in those countries. We started down this road in FY16 with $750 million appropriated by the congress with a lot of strings attached, rightfully so. But the numbers have been going in the wrong direction. It needs to be increased.
We need to support the government of Mexico in its own efforts, working constructively to also establish its own system of asylum and refugee processing. We need to do the same with other countries in the region like Costa Rica and Belize. Migrants need choices and places to go lawfully and safely other than through Mexico, up to the United States.
None of that is a quick fix, and our government is not good at making long-term investments in long-term problems. There are no legal levers that this president can pull to shut down the border, shut down ports of entry, discontinue asylum applications, and prevent illegal migration. It's a little like trying to decree that it will not rain anymore.
The Cipher Brief: When it comes to election security, do you think there is more the U.S. can and should do to deter Russian interference operations inside the homeland?
Johnson: Nation states always respond to sufficient deterrents, and there's only so much you can do on defense. You have to make the behavior cost prohibitive. If we believe the Russians are still at it, then plainly the deterrents that have been put in place have not been sufficient and more need to be imposed. I do think the Trump Administration has done a pretty decent job of imposing a range of deterrents, but it is probably the case that more are necessary.
The Cipher Brief: Let’s turn to government cooperation with social media providers. This is a tough issue from both sides' perspective. Do you see cooperation improving or drifting farther apart?
Johnson: We had this back and forth with the tech sector when it came to the issue of encryption in the previous administration. At the end of the day, we were not able to achieve any sort of over-arching arrangement with them, nor do I think they wanted to be seen as doing such, for purposes of market consumption. I do know that on a case by case basis, perhaps below the radar, a lot of these companies are reasonably cooperative.
When it comes to the issue of fake news, I do think that first and foremost, it has to be the social media providers and the internet service providers themselves that insist upon certain standards and certain levels of attribution. I do not believe that the government should be in the business of regulating speech in this country.
The government can regulate things that violate the federal election laws, regulate and prosecute things that violate the provisions of Title 18 when it comes to computer hacking and the like, but in our zeal to address the issue of fake news, the security agencies of the government should not go down the road of trying to regulate what is acceptable content on the internet.
The Cipher Brief: How do you assess the way the U.S. Government is organized for cyber security? The British have consolidated their missions into one entity. Does the U.S. have it right, or should government be thinking about a larger consolidated entity?
Johnson: I think that there needs to be an agency of our government that is responsible for domestic cyber security. It should be part of DHS.
I don't think we need to rethink yet again what the respective roles are. PPD- 41 spelled out in a pretty decent way, where there is an asset response and a threat response. Threat response is a matter for law enforcement. Asset response is a matter for Homeland Security. And you’ve got the Department of Defense and intelligence agencies when it comes to cyber offense.
I've been disappointed, frankly, with the level of cooperation between the government and the private sector. We set up the NCCIC (National Cybersecurity and Communications Integration Center) and got the Cybersecurity Act of 2015 passed, that gave civil and criminal immunity to private actors that shared cyber threat indicators with the Department of Homeland Security. Not enough companies signed up for that. I'd like to find a way to encourage the private sector to cooperate more with the government.
The Cipher Brief: You spent a fair amount of your time at DHS working on building out the capacity of DHS headquarters. How far did you get in that effort? How much of that will be sustained, and how much farther does it need to go?
Johnson: Three years is not a long time to try to remake a 230,000-person, 22-component department. When I got there, I was surprised to find that much of it was still very stove piped and that the bureaucracy lacked any real maturity. I spent a lot of time on management reform, way more than I thought I would, modernizing and maturing the way in which we do budgets, our acquisition programming, and the joint task force structure.
We made considerable progress. I also want to stress to the public the many different important missions of the department, which included a lot of different ways in which we kept the homeland safe. I worry that DHS is being overwhelmed by the politics, and that when people see that seal, that emblem, whether on it's on a TSA uniform, or elsewhere, all they're gonna think of is immigration, which would be very unfortunate in my view.
The rest of it, in terms of modernization and maturity of the bureaucracy wasn't institutionalized yet. The concrete had not been poured over it yet and therefore, you need personalities in place committed to continuing in that direction. I don't know that that's still there, because there are a lot of vacancies and there's no Deputy Secretary, for example, so I worry that a lot of that may have lapsed.
The Cipher Brief: Secretary Nielson recently announced a shift in mission for the Department, moving from a counter terrorism posture to a wider counter threat posture. What do you make of that shift?
Johnson: When I first got into office, we were doing a five-year report for Congress, I wanted to retain the reference to counter terrorism, so that the urgency of the mission never goes away. Then I realized that cyber security needed to be the other cornerstone of our mission. I always want that to be cornerstone of the department's mission.
The Cipher Brief: What makes you most concerned about our Homeland Security? What makes you most optimistic?
Johnson: I'm most optimistic that our government as a whole does a better job of detecting terrorist plots from overseas. We've had considerable success in degrading core Al-Qaeda and ISIS, and their ability to move freely to plan a large-scale attack on the homeland. That's the good news. We're challenged by smaller scale attacks by the self-radicalized actor, who radicalizes in secret and is hard to detect. I spent considerable time devoted on our program to counter violent extremism.
On the cyber front, I think it's going to get worse before it gets better. We've yet to turn the corner in understanding the cyber threat. Those on offense have the upper hand right now. They're more ingenious, tenacious, and aggressive. Those on defense struggle to keep up.
On the FEMA front, we're dealing with climate change impacting upon aging infrastructure in places like New York and other older urban areas of our country. That needs to be addressed. And then of course, there's always immigration. As long as immigration continues to be a hot button, red-meat issue, addressing and reaching the solutions to comprehensive immigration reform will be awfully hard to address.
The Cipher Brief: Thank you.
Jeh Johnson served as the fourth Secretary of Homeland Security from 2013-2017. He is currently a corporate lawyer and Partner at Paul, Weiss, Rifkind, Wharton & Garrison LLP, based in New York City.
