DHS

Commentary: National Vetting Center a Needed, Not Controversial, Security Asset

By Francis X. Taylor

This commentary originally appeared in Homeland Security Today, June 11, 2018.

For decades the U.S. has screened and vetted those who wish to enter the United States or apply to come to U.S. as visitors, immigrants or refugees. While technology and threats have changed, what has remained the same is the need for our officials on the front lines to have the most up-to- date and accurate information to decide who should or should not be allowed to enter our country.

To that end, earlier this year the National Vetting Center (NVC) was created to strengthen, simplify, and streamline the complex, ad hoc, and sometimes inefficient ways that intelligence is used to inform operational decisions related to screening and vetting. Despite the hype, I believe the NVC should not be viewed as part of the heated national debate on extreme vetting. Instead, the NVC should be viewed as the continuing improvement of effective security processes to improve the security of our travel, immigration and trade infrastructure. Specifically, I believe there are three added benefits to the government and to America’s overall national security posture with the launch of the NVC.

First, the practices and procedures that the U.S. government uses for screening and vetting must be dynamic and continually evolve in terms of throughput, redress, privacy, and accuracy. The NVC is a positive step in that direction. Following the 9/11 terrorist attacks, the U.S. created a system to better protect the homeland against potential terrorists. Lessons learned after each attempted terrorist plot since 9/11 caused the government to incrementally mature the system but never fully institutionalize these best practices in one organization.

While U.S. intelligence, law enforcement and security professionals continue to scour the globe for transnational criminals, spies, drug smugglers and weapons proliferators trying to enter the country illegally or with bad intent, the NVC can serve as a single place to analyze a broader set of applicable government information – with the right privacy regime to ensure that the right analysts have access to the proper information at the right time.

Second, I believe the NVC is a smarter use of the government’s existing knowledge, expertise, and money, as well as a realization of the post-9/11 mission to connect the dots of those transiting to the homeland for nefarious reasons.

Threats are not the only thing that have changed since the turn of the century. Technology has clearly evolved at a near exponential pace. Through the NVC, federal agencies will have the ability to use the NVC’s tools and analytic programs in a consolidated, efficient, and streamlined fashion with greater accuracy and speed than ever before. This approach would allow for secure information sharing at a volume and speed that was not possible just five years ago.

Through the creation of the NVC, the U.S. government will have an agile center that can evolve as the threats to the homeland evolve. The threat picture is ever-evolving and the government needs to move quicker to counter the tools that our adversaries are using. Today’s technology will allow agencies to maintain control of their data and permit it to be accessed securely and only by those with the right and proper authorities for the purpose of a specific, legally authorized screening mission.

Finally, the NCV will allow for better coordination and collaboration. Right now, agencies are screening and vetting people properly and with much success – the system is not broken. But we can do it better. And we can expand the work beyond the counterterrorism-only focus of the past 17 years. The NVC will allow for a “task-force” approach to these activities rather than the ad hoc mechanisms that currently exist. Co-locating vetting analysts from different agencies will allow these trained professionals to collaborate, share information where appropriate and access the expertise that resides within each agency to make better, more timely and more informed decisions – including redress decisions. And this scalable model will provide agencies the flexibility to meet the evolving threats we no doubt will face in the coming years as terrorists, criminals and others change their tactics in an attempt to evade the latest vetting protocols.

As the former Under Secretary for Intelligence and Analysis at Department of Homeland Security (DHS), I helped to tackle these same issues while serving in the last administration. I commend DHS for picking up where we left off. And it is my hope that they can build on our path to strengthen this capability with the right outcomes from the start.

It is important that the NVC is a government asset and does not belong to one department or component. It is also important that the NVC is a truly joint facility that allows assignees from across the interagency to collaborate, co-train, and fuse intelligence and experience within the art of screening and vetting. I wish the first director of the NVC my very best: This problem is not insignificant and yet the solution is ever-critical to the protection of our homeland.

Commentary: Firewalling Democracy: Federal Inaction on a National Security Priority

This piece originally appeared in The Hill, January 31, 2018.

January marked the first anniversary of the U.S. Department of Homeland Security’s designation of elections as “critical infrastructure,” placing them into the category of other physical or virtual sectors — such as food, water and energy — considered so crucial that their protection is necessary to our national security. Naming “elections” as a critical infrastructure sub-sector was a key action taken by then-Secretary Jeh Johnson following an Intelligence Community report about ways Russia sought to meddle in the 2016 elections via a variety of hacking tactics aimed at election offices, voter databases and our larger digital democracy.

At the time, I was serving as DHS Under Secretary for Intelligence and Analysis — and I was encouraged greatly by the critical infrastructure move. Voting administration is a state and local responsibility, but these entities often are overburdened, under-resourced and not exactly versed in Kremlin-based cyber crimes. The announcement reflected a new reality that election security is national security — and it provided enhanced capabilities for the feds to coordinate on election cyber threats.

However, since that optimistic moment 13 months ago, there has been unwillingness at the highest levels of the federal government to act.

On Capitol Hill, it’s taken a year for the Secure Elections Act (S. 2261), to be introduced. Although a positive first step toward ensuring that states have grants and other support to protect their voting systems, the bill’s future is unclear beyond the six bipartisan co-sponsors backing it.

At DHS, scores of mid-level staff — especially within the National Protection and Programs directorate — are working to answer state and local election officials requesting cyber assistance, while at the same time gathering what limited resources exist to prepare for 2018.  But these folks are operating minus top cover from the White House or other cabinet-level leaders, many of whom continue to eschew that Russia is a concern altogether.

As I consider possible reasons for this federal lack of leadership, it appears the fear of attaching oneself to the politics of the past election — rather than tackling the real challenges of the upcoming one — emerges as the most plausible explanation.

For one, it’s not for lack of threat. The vulnerabilities within our democratic infrastructure are deepening every day. In June, DHS announced that voting systems and registration databases in at least 21 states had been the aim of Russian hacking attempts in 2016. Last fall, across the pond, the Brits laid claim that the same Russia-based Twitter accounts that targeted the 2016 U.S. election also employed divisive rhetoric to influence the Brexit referendum. Even as recently as November, news emerged that Russian bots flooded the Federal Communications Commission’s public comment systems — an important democratic forum for Americans to voice opinions — during the net-neutrality debate, generating millions of fake comments.

Federal procrastination is also seemingly not tied to lack of pressure. It is true that DHS’s initial offers for cyber assistance were not embraced by state and locals in past elections. But since last year, there’s been a backlog of requests pouring in. Meanwhile, local election directors such as Cook County, Illinois’ Noah Praetz, have taken it upon themselves to develop election cybersecurity plans, despite no federal backing. Even the hacker community — traditionally allergic to Washington — has been raising the alarm on election security. For example, DEFCON, the world’s largest hacker conference, held an educational voting machine hacking demonstration last summer to show how susceptible election equipment is to cyber attack.

Finally, I surmise absent response is not a factor of the arduous process that is federal policymaking. Historically, when a national security threat to America is imminent, I’ve seen leaders act swiftly, honorably and without regard for politics. In this case, we have waning time to act: The 2018 election season is weeks away with primaries starting in March in Illinois and Texas. And when it comes to Russia’s goal of undermining democracy, they’re not likely to take this cycle off. Indeed, they will most likely apply the lessons of 2016 with a more calculated approach.

After 47 years in working in national security — much of that spent in the military and federal government — I respect the evolving threats facing democracy today. Yet the urgent work at the state and local level to prepare for future elections will be insufficient if it is not fully matched and funded by the federal government.

With new leaders, including DHS Secretary Kirstjen Nielsen, assuming the helm, this is a moment to choose national defense over politics. A window, albeit closing, exists to support state and locals — along with mid-level civil servants — focused on the problem.

In the vital cause to reassure Americans that their democracy can withstand outside attacks, our enemies are counting on political division and chaotic discourse. I encourage leaders at every level to leverage the best of our national security resources, unite and then prove them wrong.

Francis X. Taylor, a senior advisor at the security consulting firm Cambridge Global Advisors in Washington, is the former under secretary for intelligence and analysis at the Department of Homeland Security. He also served as the former head of diplomatic security with the State Department and is a retired U.S. Air Force brigadier general.

IN-THE-NEWS: Feds Team with Foreign Policy Experts to Assess US Election Security

This article originally appeared in Dark Reading, January 18, 2018.

Expert panel lays out potential risks for the 2018 election cycle and beyond

Speaking at a panel on election security in Chicago last night, Douglas Lute, former US Ambassador to NATO, said he remains very concerned that Russian interference in the 2016 elections has eroded the public’s confidence in the election system, the cornerstone of the American democracy.

“What happened in the 2016 election is as serious a national security threat as I’ve seen in the last 40 years,” said Lute. “When you think of events such as Pearl Harbor and 9-11, those are physical attacks and terrible as they are, we can recover from them. But if we lose confidence in the election system, that erosion is more serious.”

The panel discussion, "Secure the Vote," was sponsored by DEF CON, which held a Voting Machine Hacker Village during its August event, and by the Chicago Council on Global Affairs. Also participating were Rick Driggers, deputy assistant secretary at the US Department of Homeland Security's (DHS) Office of Cybersecurity & Communications, and Greg Bales, community outreach coordinator in Sen. Richard Durbin’s (D-Ill.) office. The panel moderator was Jake Braun, cybersecurity instructor at the University of Chicago.

Braun hailed the panel as the first time the executive and legislative branches of government got together to publicly discuss hacking of the US election system.

In September, DHS informed 21 US states that some component of their respective election systems had been targeted by Russian state-sponsored cybercriminals during the 2016 election campaign. According to DHS, no votes were changed and many of the targets experienced only vulnerability scans. Last night’s discussion was held ahead of the nation’s first primaries this March in Illinois and Texas, both of which were among the 21 targeted states. 

Lute kicked off the panel with five points for attendees to consider:

  • Russia is a proven threat. Although President Donald Trump has rejected the validity of reports on election tampering, national security agencies agreed that Russia attacked our election system in 2016 and that it was state-sponsored under the direction of Russian President Vladimir Putin, said Lute.
  • Russia is not going away. President Putin is likely to win another six-year term this year in an uncontested election, and even if something happened to Putin, he would be replaced by a similar figure who will look to expand on global election hacking efforts, said Lute.
  • Other nation-states are potential threats. It’s clear that other nations such as China, Iran and North Korea have the capability to hack into our elections and other critical businesses and infrastructure.
  • Time is short. The election cycle of 2018 is a short two months away and the 2020 Presidential race is just around the corner.
  • Our allies are vulnerable. Other countries' elections are already experiencing cybersecurity incidents, like the data breach that hit French president Francois Macron days before the election. 

The DHS’s Driggers said DHS is available upon the request of state and local governments to provide security services such as technology assessments, information sharing and basic cyber hygiene. He said in early January 2017, DHS identified the US election system as part of the nation’s critical infrastructure, putting it on the level of our IT, defense, energy, and financial services systems.

"It's definitely a priority in our planning," Driggers said. "We realize that US elections are run by local election officials and our efforts are primarily to support state and local efforts."

On the legislative front, Bales said Sen. Durbin is working hard to support the Secure Elections Act, a bill sponsored by Sen. James Lankford (R-Okla.) and Sen. Amy Klobuchar (D-Minn.) that seeks to protect against foreign interference in future elections.

"Voting is a bi-partisan American issue, so we have to make sure outside actors like Russia are not involved," Bales said.

As for potential solutions, Lute offered three suggestions: get the entire election system off the Internet; protect the state voter registration databases; and create an audit trail by using optical scanners to track individual paper votes.

Most of Lute’s suggestions are based on the Election Security Plan developed by Noah Praetz, director of elections with the Cook County Clerk’s Office. Praetz’s plan represents the first known formal response by a local government to reported US election hacking in 2016.

Many cybersecurity researchers also called for paper voting or systems that use optical character readers to generate voter-verified paper trails after two (decommissioned) voting machines were hacked within 90 minutes during DEF CON's Voting Machine Hacker Village in August

IN-THE-NEWS: CGA's Nate Snyder Participates in Panel with Former CIA Director John Brennan

Cambridge Global Advisors (CGA) is proud to announce the participation of Nate Snyder, former senior counterterrorism official in the Department of Homeland Security and current CGA employee, in last Wednesday's discussion with John Brennan, former Director of the Central Intelligence Agency regarding the outlook of global security. The event was hosted by The Center on National Security at Fordham University School of Law in New York, where Brennan is Distinguished Fellow for Global Security. It was attended by widely recognized national security thought leaders, published researchers, current CT practitioners, national media, and national security correspondents. 

The conversation was moderated by David Ignatius, columnist for the Washington Post. Video of the conversation can be found here.  

COMMENTARY: DHS office leading the way on federal cyber innovation

This article originally appeared in Fifth Domain, September 26, 2017.

By: Chris Cummiskey

It isn’t often that the words innovation and government find their way into the same sentence. When they do, it is often to decry the lack of innovation in government practices. Silicon Valley and other corporate leaders have long lamented that the federal government just doesn’t seem to understand what it takes to bring innovation to government programs.

One office in the federal government is having an outsized, positive impact on bringing private sector innovation to government cybersecurity problem solving. The Cybersecurity Division (CSD) of the Science & Technology Directorate at the Department of Homeland Security has figured out how to crack the code in swiftly delivering cutting edge cyber technologies to the operators in the field. Some of these programs include: cybersecurity for law enforcement, identity management, mobile security and network system security.

The mission of CSD is to develop and deliver new technologies and to defend and secure existing and future systems and networks. With the ongoing assault on federal networks from nation-states and criminal syndicates, the mission of CSD is more important than ever.

CSD has figured out how to build a successful, actionable strategy that produces real results for DHS components. Their paradigm for delivering innovative cyber solutions includes key areas such as a streamlined process for R&D execution and technology transition, international engagement and the Silicon Valley Innovation Program (SVIP).

R&D Execution and Technology Transition

One of the greatest impediments to taking innovative ideas and putting them into action is the federal acquisition process. As a former chief acquisition officer at DHS, I certainly understand why there needs to be federal acquisition regulations. The challenge is these regulations can be used to stifle the government’s ability to drive innovation. I am encouraged by the efforts to overcome these obstacles by federal acquisition executives like DHS Chief Procurement Officer Soraya Correa – who is leading the fight to overcome these hurdles.

Under the leadership of Dr. Doug Maughan, CSD has created a process with the help of procurement executives that swiftly establishes cyber capabilities and requirements with input from the actual users. They have designed a program that accelerates the acquisition process to seed companies to work on discreet cyber problems. The CSD R&D Execution Model has been utilized since 2004 to successfully transition over 40 cyber products with the help of private sector companies. The model sets up a continuous process that starts with workshops and a pre-solicitation dialogue and ends with concrete technologies and products that can be utilized by the operators in the various DHS components. To date the program has generated cyber technologies in forensics, mobile device security, malware analysis and hardware enabled zero-day protections and many others.

International Engagement

Maughan often states that cybersecurity is a global sport. As such, many of the challenges that face the United States are often encountered first by other countries. Maughan and his team have worked diligently to leverage international funding for R&D and investment. CSD is regularly featured at global cyber gatherings and conferences on subjects ranging from international cyber standard setting to sharing R&D requirements for the global entrepreneur and innovation communities.

Silicon Valley Innovation Project (SVIP)

It seems like the federal government has been trying to get a foothold in Silicon Valley for decades. Every president and many of their cabinet secretaries in recent memory have professed a desire to harness the power of innovation that emanates from this West Coast enclave. One of the knocks on the federal government is that it just doesn’t move fast enough to keep pace with the innovation community. Maughan and the folks at CSD recognize these historic impediments and have moved deftly to build a Silicon Valley Innovation Project (SVIP) that is delivering real results. To help solve the hardest cyber problems facing DHS components like the Coast Guard, Customs and Border Protection, the United States Secret Service and the Transportation Safety Administration, SVIP is working with Silicon Valley leaders to educate, fund and test in key cyber areas. The program is currently focusing on K9 wearables, big data, financial cybersecurity technology, drones and identity. The SVIP has developed an agile funding model that awards up to $800,000 for a span of up to 24 months. While traditional procurement processes can take months, the SVIP engages in a rolling application process where companies are invited to pitch their cyber solutions with award decisions usually made the same day. The benefits of this approach include: speed to market, extensive partnering and mentoring opportunities for the companies and market validation.

Conclusion

Moving innovative cyber solutions from the private sector to the federal government will always be a challenge. The speed of innovation and technological advancement confounds federal budget and acquisition processes. What Maughan and CSD have proven is that with the right approach these systems can complement one another. This is a huge service to the men and women in homeland and cybersecurity that wake up every day to protect our country from an ever-increasing stream of threats.

Chris Cummiskey is a former acting under secretary/deputy under secretary for management and chief acquisition officer at the U.S. Department of Homeland Security.

IN-THE-NEWS: Announcing IBM's Newest Research Report Topics

CGA Principals Douglas Lute & Francis Taylor were announced in IBM's Center for the Business of Government latest round of awards for new reports on key public sector challenges.  These awards and projects respond to priorities identified in the Center's research agenda and the content is intended to stimulate and accelerate the production of practical research that benefits public sector leaders and managers.

Lute and Taylor's report is expected in early 2018. A short summary is below:

"Integrating and Analyzing Data Within and Across Government: Key to 21st Century Security"

This report will focus on data gathering, analysis and dissemination challenges across the homeland security enterprise. It will address how these challenges will help DHS and stakeholders in the US and Europe increase the understanding of how best to leverage technology in meeting strategic, mission and operational needs. The report will highlight opportunities for governments to leverage data integration and analytics to support better decision making around cyber and homeland security. 

Click here to view a full list of other award winners.

CGA COMMENTARY: Why going small is not always the best cyber strategy

By: Chris Cummiskey, CGA Senior Advisor

**Note: This piece originally appeared in Fifth Domain Cyber, an affiliate of C4ISRNET, Federal Times and DefenseNews.**

In recent years, there has been a strong push in federal departments and agencies to emphasize the need for awarding contracts to small business. This strategy has been further re-enforced by the Small Business Administration that issues regular scorecards to show which agencies meet predetermined percentage targets for small business contract awards.

During my tenure as the acting undersecretary for management and chief acquisition officer at the Department of Homeland Security, I worked closely with our procurement teams to generate a string of “A” grades from SBA in meeting our targets.

Today, of the $13 billion or so DHS awards each year, about one-third goes to small business, while about a third goes to medium sized and large businesses each. This has led to DHS being recognized as one of the leading departments in working with small business.

There are many places in government where a small business procurement strategy is efficient and effective, yet cybersecurity is not necessarily one of those areas. My experience is that government procurement and program officials are dedicated professionals who seek to craft the best acquisition approach based on the requirements. There are, however, a growing number of instances in cyber contracting where a shift to small business could have a detrimental impact. The pressure to meet small business goals, and the feeling among many that small businesses are more flexible and less expensive,  has led to decisions, particularly with cyber contracts, to craft a strategy that is high-risk and counterproductive.

There are several considerations that need examination when crafting a successful cyber procurement approach. These include past performance, program complexity, scale, staffing and pricing.

Past Performance

Demonstrating successful past performance is a key indicator of future success in government contracting. This track record is an important consideration in evaluating which companies can effectively execute often complex federal cyber requirements.

Given the sensitivity and complexity of the cyber mission, it is essential that contracting officers carefully weigh past performance in their evaluation criteria. In this scoring process, well established companies with extensive government experience will certainly have an advantage, but the resulting lower risk to the mission is clearly an important consideration given the cybersecurity climate today.

Program Complexity

Providing cyber defenses in federal agencies has become a challenging and complex undertaking. DHS has been tasked by Congress and the White House with protecting federal networks, while serving as the lead agency for sharing information with the private sector. These vital cyber missions are executed through programs such as Einstein and Continuous Diagnostics and Mitigation (CDM) and centers like the NCCIC and US-CERT.

There is only a subset of companies that have the necessary cyber technical capabilities, large-scale integration experience and processes to effectively run these types of programs.

Breaking cyber contracts up into smaller pieces for the promise of lower cost and more agility can sound promising, yet these promises often go unfulfilled. In reality, what most often occurs is the government themselves will need to integrate across the pieces, potentially compromising the cyber mission, and stressing an already under-staffed government professional team. When coupled with other emerging technological advancements and qualifications, this will continue to be an area where small business will struggle to compete.

Scalability

Another area where small business will have difficulty in meeting requirements of the cyber mission is with scalability. Many successful cyber programs that start as pilots or trial runs eventually end up having to be brought to scale.

As an example, Einstein 3 Accelerated (E3A) started with a relatively modest number of seats covered, yet after the OPM debacle the political will materialized to bring the cyber protection to all 2 million seats in the federal government. Once the decision was made to expand E3A, there was little time to debate whether or not the vendors would be able to accommodate the request. Immediate action to rapidly scale the capability was an imperative.

Staffing

It is not hard to see that there is shortage of skilled cyber employees. Professionals in cyber-related fields have many options today. They can work for the alphabet soup of government agencies that work the cyber mission or they can choose an often more lucrative track in the private sector.

Large government cyber programs need talented and capable personnel in the seats. Often, that means hiring private sector companies to assist with staffing and capabilities. This can be a very good option if the company has solid internal controls for maintaining high quality, cleared cyber staff who receive ongoing training. Small business often has trouble competing to attract and retain high caliber cyber talent.

Pricing

One of the regular arguments one hears about awarding to small business is they are just cheaper than some of the larger outfits. In some cases that may be true, but again, in most cyber procurements that may be an illusion.

A better metric for government cyber than Lowest Price Technically Acceptable (LPTA) should be Best Value. It is not unusual for smaller companies to low ball their pricing on a RFP with the hopes of winning the award. Once secured, they sometimes struggle to meet the contract deliverables, terms and conditions. This is a dangerous trap door for government procurement officials. They are often pressed to reduce contract cost, while not sacrificing functionality.

In too many cases, the government finds out too late that program performance has suffered due to an award to a small business that just can’t get the job done.

Conclusion

These observations are not meant to slam the small business community. There are plenty of areas in federal contracting where small business is the best choice. Unfortunately, large scale government cyber is not one of those places.

Past performance, program complexity, scalability, staffing and pricing all factor into sound federal procurement decision-making. At the start of a new administration, I hope the incoming teams of appointees will take a hard look at how federal cybersecurity is planned, procured and executed to ensure the best results.

Chris Cummiskey is a former acting undersecretary/deputy undersecretary for management and chief acquisition officer at the U.S. Department of Homeland Security.

PRESS RELEASE: Former U.S. Department of Homeland Security Under Secretary Francis X. Taylor Joins Cambridge Global Advisors as Principal

May 4, 2017 (Washington, DC) – Today, Cambridge Global Advisors (CGA) announced that Francis X. Taylor, former Under Secretary for Intelligence and Analysis (I&A) at the U.S. Department of Homeland Security (DHS), will join CGA as a Principal and Senior Advisor, advising on a variety of government, NGO, corporate and non-profit client projects in the national security and global affairs space.

At DHS, from 2014-2017, Taylor oversaw and carried out the mission of the Office of Intelligence and Analysis, equipping the Homeland Security Enterprise with the timely intelligence and information required to keep the homeland safe, secure, and resilient. 

Before his DHS appointment, Taylor served as Vice President and Chief Security Officer for the General Electric Company (GE) and was responsible for GE's security operations and emergency management processes. Taylor also had a distinguished career in public and military service, including serving as Assistant Secretary of State for Diplomatic Security and as the US Ambassador at-Large and Coordinator for Counterterrorism for the Department of State from 2001-2002. During his 31-year military career, Taylor achieved the rank of Brigadier General and oversaw counterintelligence and security operations for the US Air Force.

Of the recent appointment, Jake Braun, CEO of Cambridge Global Advisors said: “A home for many other former leaders at the Department of Homeland security, Cambridge Global is proud welcome Frank Taylor to our team. He brings a depth of knowledge and demonstrated leadership managing security operations in the military, government and corporate arenas.  We are pleased to be able to offer our clients the benefit of Frank Taylor’s high-level experience in the public and private sectors.”

CGA COMMENTARY: Kelly Lays Out Agressive Agenda in GW Address

By: Chris Cummiskey, CGA Senior Advisor

In his first major address since being sworn in as the fifth Secretary of Homeland Security on January 20th, General John Kelly delivered a wide-ranging address today at the George Washington University, Center for Cyber and Homeland Security. His remarks were centered on the state of U.S. homeland security here and abroad and Trump Administration priorities of fighting terrorism, tightening immigration/vetting, cyber protections for Federal networks and management reforms.

As a former Acting Under Secretary/Deputy Secretary at DHS and a Senior Fellow with the GW Center, I was struck by Secretary Kelly’s full-throated support for the DHS workforce and his “commitment to have their backs” with Congress and other critics of the department. Calling on his 45 years of experience in the Marine Corp, Secretary Kelly made it clear that the department would enforce current law; however unpopular, and challenged members of Congress to have the courage to make changes if they don’t like the current state of affairs.

FIGHTING TERRORISM

Consistent with his former role as the combatant commander of the Southern Command for the Department of Defense, there was a great deal of emphasis on changing the playing field on which the U.S. fights terrorism. Just as former Secretary Jeh Johnson sought to pursue a Southwest Border Campaign Strategy, Secretary Kelly is seeking to push the fight against terrorism far beyond U.S. borders. I also was interested to hear about his prediction that we will be facing increasing coordination between terrorist and criminal organizations in coming years. He also talked about the challenges of thousands of fighters in Syria returning to their countries of origin, many with visa waiver programs with the U.S. He also acknowledged the challenges of confronting “lone wolf” threats and homegrown extremist activity.

IMMIGRATION/ENHANCED VETTING

One of the most dramatic numbers cited by Secretary Kelly was the 70% decrease in southern border crossings over the last ninety days. He referenced President Trump’s tough stance, not necessarily increased enforcement, as the reason for the dramatic decline. It was interesting there wasn’t any reference to building a border wall or the significant plus up (10,000 ICE agents, 5,000 CBP agents) that is being requested in the FY2018 President’s budget. I was glad to hear about his collaborative strategies with other governments and other Federal agencies in seeking to build economic strength in those areas the most outmigration (Guatemala, Honduras et cet.). Secretary Kelly also defended new screening measures and the need for enhanced vetting of foreign travelers.

CYBER

One of the areas in the speech that was less specific involved defense of Federal computer networks. Secretary Kelly did say the White House has various task forces and a draft Executive Order on Cyber pending, yet he was more circumspect about DHS’s plans for reorganizing its cyber capabilities or future plans for the major cyber programs, Einstein and Continuous Diagnostics and Mitigation (CDM). These two major acquisitions have come under fire from GAO and the Hill in recent months. I am encouraged that Secretary Kelly has selected some able cyber professionals like his Chief of Staff, Kirstjen Nielsen, and former Microsoft executive, Chris Krebs, to advise him, yet the absence of a coherent acquisition strategy and a hardened internal bureaucracy continue to stifle cyber progress.

UNITY OF EFFORT

I was glad to hear Secretary Kelly say he is committed to building on his predecessor’s Unity of Effort strategy to further strengthen the department’s business functions. Newly confirmed Deputy Secretary Elaine Duke and Acting Under Secretary for Management Chip Fulghum will likely be tasked with gaining further acquisition and budget efficiencies in the coming months. As the Federal Times reported last month, the FY2018 DHS budget proposal seeks to fund increases in border security and enforcement by reducing the budgets of other DHS components like the Coast Guard, TSA and FEMA. This approach will be a tough sell with Congress.

CONCLUSION

Overall, I thought Secretary Kelly did a good job of laying out a clear agenda for the department in the coming months. The messages were not wildly different than those delivered by former Secretaries Johnson and Napolitano in their first months in office. The main difference for DHS is that for the first time you have an operator running an operational department. These days that is a pretty big deal.

Chris Cummiskey is a senior advisor at CGA, as well as former Acting Under Secretary/Deputy Under Secretary for Management, Chief Acquisition Officer at the U.S. Department of Homeland Security and a Senior Fellow with the George Washington University Center for Cyber and Homeland Security.