NEW YORK — Nearly 18 years after the Sept. 11 terrorist attacks, three former secretaries of Homeland Security gathered at ground zero on Monday and pressed the government to prioritize cybersecurity risks as one of the top threats to the United States.
Janet Napolitano, who led the Department of Homeland Security under former President Barack Obama, urged officials to apply greater creativity to cybersecurity in an effort to avoid the failure of “imagination” that the 9/11 Commission said might have prevented the 2001 airliner attacks.
“Perhaps it is time for the country to have a 9/11 Commission for cyber before we have massive ransomware attacks conducted around the country or where we suffer, once again, a direct attack on our democracy,” she said in reference to Russian meddling in the 2016 presidential election.
Former Secretary Michael Chertoff, who was appointed by President George W. Bush, called on DHS to do a better job of partnering with the private sector to stay on top of emerging cyber threats that change more rapidly than governments can typically counter them.
“We need to raise our game,” said Chertoff in response to the current landscape of cyber threats. “And it’s got to be a public-private partnership.”
And Jeh Johnson, Obama’s final DHS secretary, said the government must ensure that punishments for foreign cyberattacks and intrusions are “cost-prohibitive.”
“You cannot create a complete line of defense against these kinds of attacks,” Johnson said. “We have to put it to the bad actor and simply make their behavior cost-prohibitive.”
The former secretaries testified at a field hearing of the Senate Homeland Security and Governmental Affairs Committee at the 9/11 Memorial and Museum. Senators in attendance were Chairman Ron Johnson, R-Wisconsin, and ranking member Gary Peters, D-Michigan, as well as Republicans Rick Scott of Florida, Mitt Romney of Utah and Josh Hawley of Missouri plus Democrats Maggie Hassan of New Hampshire and Thomas R. Carper of Delaware.
All three former secretaries discussed the need to improve the flow of information between DHS and the private sector.
Chertoff said DHS should also make more confidential information available to private technology companies. “Changing the mindset on that and opening up the aperture for information would be helpful,” he said.
He said the government and the private sector should also work together to establish new marketplaces for sensitive technology, such as telecom equipment that can be used to build 5G wireless networks, to counter the cyber threat posed by China.
“We don’t have a policy to encourage U.S. or allied business to invest in critical technologies that we need to control to make sure the Chinese don’t own us or eat our lunch,” he said.
Government officials have warned U.S. companies that using 5G technology built by Huawei, the Chinese telecom firm said to have ties to the government in Beijing, could expose wireless networks to espionage or cyber attacks. But Huawei equipment is cheaper than the alternatives.
“We haven’t facilitated a market for that type of technology,” said Chertoff. “We do it in the defense business and I would argue we now need it in the tech-national security space.”
Christopher Krebs, the director of the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency, has listed public-private partnerships as one of his top strategies for deterring cyberattacks by China and others.