The Point Man Against Cyberattacks
WASHINGTON -- In November 2012, Jeh Johnson, who was then the Pentagon's general counsel, let himself speculate in a speech about al-Qaeda, "How will this conflict end?" He foresaw a "tipping point" at which U.S. officials might be able to say that the group had been "effectively destroyed."
That was then. Nearly three years later, al-Qaeda and other toxic terrorist groups have metastasized. Johnson is now secretary of homeland security and has responsibility for protecting America against attack. Rather than imagining an end to the terrorist campaign, Johnson must re-enlist American citizens -- and a weary government bureaucracy -- to fight the next rounds and keep the country safe.
Maintaining public unity is difficult late in the Obama presidency, when the federal government often seems overwhelmed and unable to galvanize popular support. Johnson watched the Twin Towers fall on Sept. 11, 2001, from his office in midtown Manhattan, and he remembers the national resolve that followed. The fierce partnership between the public and the government back then, when every doorstep seemed to display an American flag, is now badly frayed.
Across the landscape of problems that Johnson's agency must manage, there is seeming disarray. The Transportation Security Administration, which is part of DHS, has become fodder for late-night comedians after a report this month that its inspectors failed 95 percent of the time to detect concealed weapons and explosives. People joke (unfairly) that if you want to sneak toothpaste through TSA screening, hide it in an AK-47.
But TSA is just the beginning of Johnson's management problems. He oversees the Secret Service, which has stumbled through a series of security lapses and seeming cover-ups. He oversees public-private coordination of cybersecurity at a time of unprecedented cyberattacks, the latest of which plundered sensitive employment records of the Office of Personnel Management. And he's trying to convince technology companies to cooperate with a federal government to which Silicon Valley has become nearly allergic after the Edward Snowden revelations.
Johnson's style is informal and blunt. He wears open-neck shirts in his office at DHS headquarters, a temporary location that is as simple and charmless as a strip shopping mall. To his credit, Johnson seeks to emulate the frank approach of his mentor, former Defense Secretary Bob Gates. He has also adopted (perhaps a bit late) Gates' code of accountability, reassigning the acting director of TSA two weeks ago and accepting the resignation of the head of the Secret Service last October.
Johnson's challenge is that homeland security is a cooperative venture. Foreign countries, often suspicious in the post-Snowden era, need to share information with the U.S. to allow better screening of travelers. The system works, where data is shared. Last year in Abu Dhabi, for example, 785 flyers were denied boarding to the U.S. Such screening will expand soon as 10 more foreign airports become security partners.
Muslim communities in the U.S., which have their own suspicions, need to share information about young people who may be radicalized on the Internet to become "lone wolves." Johnson gave a talk last week to the congregation at a Muslim center that was worried, understandably, that the DHS secretary wanted to recruit them as FBI informants. The ceremony began with the pledge of allegiance, led by a troop of Muslim Boy Scouts. Johnson, who is African-African and a graduate of the historically black Morehouse College, told them: "I am not a Muslim, but I think I know what you feel" [about profiling and exclusion]. He stressed: "This is your homeland, too."
The place where security cooperation is most needed, and hardest to get these days, is Silicon Valley. Since Snowden, American tech companies are running scared and embracing strong encryption in an effort to convince customers they can protect their privacy. This post-Snowden backlash has gone so far, it's hurting the country, Johnson believes. He appealed in a recent speech in San Francisco for tech companies to think of the public's safety, as well as their corporate reputations on privacy issues. "Encryption is making it harder for your government to find criminal activity and potential terrorist activity," he warned.
The latest cyberassault on OPM records shows just how vulnerable the U.S. government and private companies are to hacking. "We need each other, and we must work together. There are things government can do for you, and there are things we need you to do for us," he told the San Francisco audience.
Johnson is right, and he needs to say it louder. In cyber and terror attacks, the "bad guys" are getting stronger and demoralized Western governments are getting weaker. This imbalance needs to be fixed.
(c) 2015, Washington Post Writers Group