Lessons in Homeland Security

Paul J. Richards/Newscom

The Homeland Security Department lost one of its top voices in early May when Deputy Secretary Jane Holl Lute left the agency after four years. In addition to her homeland security experience, Lute has a history of public service in national security and diplomacy. During her last day on the job, Lute sat down with Government Executive to discuss her time at DHS and what the agency’s future might hold.

GE: What do you see as the three most significant accomplishments during your four years at DHS?

Lute: I think the first and foremost accomplishment is answering the question of whether this country can protect itself. The answer is yes. We can pool our strengths and we can be successful in protecting ourselves. It is clear that the government cannot do all that needs doing here. State and local governments and even the public must be brought in to help reach the common goal.

We cannot be complacent. The deterioration of al Qaeda has not ended the objectives of those who want to do harm to the United States and our citizens. We have made an investment in this country, in the state and local government partnerships, as well as with the private sector, to be able to respond rapidly and effectively. This is the most significant accomplishment.

A second accomplishment is that we put on the map the importance of cybersecurity to our national and economic security. There was not much of a national dialogue four years ago. It was not clear what role the federal government would play. We have learned that we must improve cybersecurity by working together with our partners across government and with the private sector to build the world’s most secure cyber economy. 

A third accomplishment is what I would call the plumbing and wiring of the department. In less than 10 years, we achieved a qualified audit opinion. We have created administrative and operational systems more responsive and efficient than ever for dealing with all kinds of disasters. We continue to improve on individual preparedness, community resilience and the capability of the entire homeland security enterprise.

GE: One issue that has emerged as we get farther away from 9/11 is how do we balance the need for people to be aware of potential terrorism without producing fear fatigue or making them overly complacent?

Lute: I am a New Yorker. That’s a city with a grip on itself from a security standpoint, and it is exciting and vibrant as it ever has been. Buses, subways, taxis—everywhere are the signs: “If You See Something, Say Something.” We have taken a page out of that book and rolled it out nationwide. We have said to the public: If something looks suspicious, report it to the local authorities. We have taken the lessons of 9/11 and built a security framework where Americans take and understand that homeland security is a shared responsibility. America can protect itself, and we must do it together.

GE: Does moving the focus away from al Qaeda and organized terrorist groups to lone wolves change the dynamics of homeland security?

Lute: State and local law enforcement has always known about the threat of lone wolves and the potential harm they can inflict. We continue to build on what we know. Police departments are more prepared and capable of responding. We have learned from past experiences and how to respond as effectively as possible. We also know it is unwise to generalize about a particular ethnicity or religious group based on the actions of a few. We will continue to work rapidly and responsively to recognize the signs of lone wolf actors. We also need to break barriers that isolate communities. And we must all stay vigilant.

GE: One of the first things the department undertook in this administration was the first-ever Quadrennial Homeland Security Review. What were the lessons learned? What should the agency focus on as it turns to the next QHSR, due out in the next year?

Lute: The first QHSR answered the questions: What is Homeland Security? What do we do? The upcoming QHSR will answer the question: How will we do it? How will we ensure Homeland Security while protecting civil rights, civil liberties and individual privacy?

GE: There is a lot of discussion around cybersecurity. Is it national security? Is it law enforcement? Is it preparedness? Is it the private sector’s responsibility?

Lute: At the heart of cybersecurity is the reliability and integrity of your personal identity and your information. The Internet is an extraordinary innovation for humanity in and of itself, and at its core cyberspace is a public space. It is growing organically and instantaneously. We must have norms in cyberspace. We need to understand what property means in cyberspace, what is the role of government.

Generally speaking, security is an assignment that society gives to government. We expect that government runs the police and makes law; government runs the military and makes treaties. Cybersecurity, however, has not been given to the government as a primary responsibility. It is still open, accessible, and what security exists is largely maintained by the public and the private sector. Again, the key to securing cyberspace is securing people’s identities and information, and that will mean identifying roles and responsibilities for individual hardware manufacturers, software developers, Internet service providers, governments, international partners and others.

We will not be able to run the cybersecurity of the nation exclusively like an intelligence program. Is there a role for the intelligence community? Yes, but it is not the leading role. Is there a role for law enforcement? Yes, in that law enforcement must bring law to bear when crimes happen in cyberspace. We must manage cybersecurity as a civilian responsibility—one that recognizes the need to bring reliability and integrity to identity and information protection.

GE: Is cybersecurity more of a priority for noncritical infrastructure and tech companies—e.g. the rest of the Fortune 500—than it has been in the past?

Lute: Yes, cybersecurity is so interesting in that we all have responsibility for it. We all have to be attentive and collaborative on security so that we are all more secure. All critical infrastructure owners and operators, Fortune 500 CEOs, and even owners of small companies and individuals must—and are—paying attention to cyberspace. Every business connects to cyberspace. They manage business systems, employee communications, customer records and more. So every business has a responsibility to safeguard systems and prevent unauthorized use.

GE: As more commercial sites are hacked—beyond critical infrastructures—has DHS seen its role change?

Lute: When we did the first QHSR four years ago, we listed five missions that are critical to our homeland security: preventing terrorism, securing our borders, administering and enforcing our immigration laws, building national resilience, and we called out the need to ensure the nation’s cybersecurity as an important part of the value proposition we call homeland security. Cybersecurity is a national mission and is part of the federal government’s responsibility because, in many ways, cyberspace is the endoskeleton of modern life.

The government doesn’t have all the expertise or information to do it alone. We must make use of the information and tools we have. We must work to help educate the public, engage the private sector and partner in the larger international community in all the issues that fall under the word cybersecurity.

GE: Any thoughts on the path forward for homeland security and DHS?

Lute: I get asked questions about the relative youthfulness of the department and its status as a new agency. Enough with the new. DHS is 10 years old. It has learned and matured an enormous amount in the last 10 years. I’m also often asked to compare national and homeland security. As someone who spent a career in national security, I can say it is different.

National security is strategic, centralized, top-driven. Homeland security is transactional, decentralized and bottom-driven—driven by the needs of the public and of state and local municipalities.

So when you think of the Internet and of cybersecurity, it is not strategic, centralized or top-driven. It is transactional, decentralized and driven by the billions of transactions that happen in cyberspace every day. It is a lot like homeland security. For me, it has been an extraordinary learning experience and a privilege to serve at DHS.

Jessica R. Herrera-Flanigan writes for Nextgov’s Cybersecurity Report.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • The Big Data Campaign Trail

    With everyone so focused on security following recent breaches at federal, state and local government and education institutions, there has been little emphasis on the need for better operations. This report breaks down some of the biggest operational challenges in IT management and provides insight into how agencies and leaders can successfully solve some of the biggest lingering government IT issues.

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

  • Ongoing Efforts in Veterans Health Care Modernization

    This report discusses the current state of veterans health care


When you download a report, your information may be shared with the underwriters of that document.