Paul J. Richards/Newscom

Lessons in Homeland Security

Outgoing DHS deputy Jane Holl Lute sheds light on the changing dynamics of countering threats.

The Homeland Security Department lost one of its top voices in early May when Deputy Secretary Jane Holl Lute left the agency after four years. In addition to her homeland security experience, Lute has a history of public service in national security and diplomacy. During her last day on the job, Lute sat down with Government Executive to discuss her time at DHS and what the agency’s future might hold.

GE: What do you see as the three most significant accomplishments during your four years at DHS?

Lute: I think the first and foremost accomplishment is answering the question of whether this country can protect itself. The answer is yes. We can pool our strengths and we can be successful in protecting ourselves. It is clear that the government cannot do all that needs doing here. State and local governments and even the public must be brought in to help reach the common goal.

We cannot be complacent. The deterioration of al Qaeda has not ended the objectives of those who want to do harm to the United States and our citizens. We have made an investment in this country, in the state and local government partnerships, as well as with the private sector, to be able to respond rapidly and effectively. This is the most significant accomplishment.

A second accomplishment is that we put on the map the importance of cybersecurity to our national and economic security. There was not much of a national dialogue four years ago. It was not clear what role the federal government would play. We have learned that we must improve cybersecurity by working together with our partners across government and with the private sector to build the world’s most secure cyber economy. 

A third accomplishment is what I would call the plumbing and wiring of the department. In less than 10 years, we achieved a qualified audit opinion. We have created administrative and operational systems more responsive and efficient than ever for dealing with all kinds of disasters. We continue to improve on individual preparedness, community resilience and the capability of the entire homeland security enterprise.

GE: One issue that has emerged as we get farther away from 9/11 is how do we balance the need for people to be aware of potential terrorism without producing fear fatigue or making them overly complacent?

Lute: I am a New Yorker. That’s a city with a grip on itself from a security standpoint, and it is exciting and vibrant as it ever has been. Buses, subways, taxis—everywhere are the signs: “If You See Something, Say Something.” We have taken a page out of that book and rolled it out nationwide. We have said to the public: If something looks suspicious, report it to the local authorities. We have taken the lessons of 9/11 and built a security framework where Americans take and understand that homeland security is a shared responsibility. America can protect itself, and we must do it together.

GE: Does moving the focus away from al Qaeda and organized terrorist groups to lone wolves change the dynamics of homeland security?

Lute: State and local law enforcement has always known about the threat of lone wolves and the potential harm they can inflict. We continue to build on what we know. Police departments are more prepared and capable of responding. We have learned from past experiences and how to respond as effectively as possible. We also know it is unwise to generalize about a particular ethnicity or religious group based on the actions of a few. We will continue to work rapidly and responsively to recognize the signs of lone wolf actors. We also need to break barriers that isolate communities. And we must all stay vigilant.

GE: One of the first things the department undertook in this administration was the first-ever Quadrennial Homeland Security Review. What were the lessons learned? What should the agency focus on as it turns to the next QHSR, due out in the next year?

Lute: The first QHSR answered the questions: What is Homeland Security? What do we do? The upcoming QHSR will answer the question: How will we do it? How will we ensure Homeland Security while protecting civil rights, civil liberties and individual privacy?

GE: There is a lot of discussion around cybersecurity. Is it national security? Is it law enforcement? Is it preparedness? Is it the private sector’s responsibility?

Lute: At the heart of cybersecurity is the reliability and integrity of your personal identity and your information. The Internet is an extraordinary innovation for humanity in and of itself, and at its core cyberspace is a public space. It is growing organically and instantaneously. We must have norms in cyberspace. We need to understand what property means in cyberspace, what is the role of government.

Generally speaking, security is an assignment that society gives to government. We expect that government runs the police and makes law; government runs the military and makes treaties. Cybersecurity, however, has not been given to the government as a primary responsibility. It is still open, accessible, and what security exists is largely maintained by the public and the private sector. Again, the key to securing cyberspace is securing people’s identities and information, and that will mean identifying roles and responsibilities for individual hardware manufacturers, software developers, Internet service providers, governments, international partners and others.

We will not be able to run the cybersecurity of the nation exclusively like an intelligence program. Is there a role for the intelligence community? Yes, but it is not the leading role. Is there a role for law enforcement? Yes, in that law enforcement must bring law to bear when crimes happen in cyberspace. We must manage cybersecurity as a civilian responsibility—one that recognizes the need to bring reliability and integrity to identity and information protection.

GE: Is cybersecurity more of a priority for noncritical infrastructure and tech companies—e.g. the rest of the Fortune 500—than it has been in the past?

Lute: Yes, cybersecurity is so interesting in that we all have responsibility for it. We all have to be attentive and collaborative on security so that we are all more secure. All critical infrastructure owners and operators, Fortune 500 CEOs, and even owners of small companies and individuals must—and are—paying attention to cyberspace. Every business connects to cyberspace. They manage business systems, employee communications, customer records and more. So every business has a responsibility to safeguard systems and prevent unauthorized use.

GE: As more commercial sites are hacked—beyond critical infrastructures—has DHS seen its role change?

Lute: When we did the first QHSR four years ago, we listed five missions that are critical to our homeland security: preventing terrorism, securing our borders, administering and enforcing our immigration laws, building national resilience, and we called out the need to ensure the nation’s cybersecurity as an important part of the value proposition we call homeland security. Cybersecurity is a national mission and is part of the federal government’s responsibility because, in many ways, cyberspace is the endoskeleton of modern life.

The government doesn’t have all the expertise or information to do it alone. We must make use of the information and tools we have. We must work to help educate the public, engage the private sector and partner in the larger international community in all the issues that fall under the word cybersecurity.

GE: Any thoughts on the path forward for homeland security and DHS?

Lute: I get asked questions about the relative youthfulness of the department and its status as a new agency. Enough with the new. DHS is 10 years old. It has learned and matured an enormous amount in the last 10 years. I’m also often asked to compare national and homeland security. As someone who spent a career in national security, I can say it is different.

National security is strategic, centralized, top-driven. Homeland security is transactional, decentralized and bottom-driven—driven by the needs of the public and of state and local municipalities.

So when you think of the Internet and of cybersecurity, it is not strategic, centralized or top-driven. It is transactional, decentralized and driven by the billions of transactions that happen in cyberspace every day. It is a lot like homeland security. For me, it has been an extraordinary learning experience and a privilege to serve at DHS.

Jessica R. Herrera-Flanigan writes for Nextgov’s Cybersecurity Report.

NEXT STORY: Telework Talk

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.