Secretary Jeh Johnson of the Department for Homeland Security today called for greater collaboration between government and private sector to solve the problems that escalating levels of encryption cause for law enforcement.
Speaking on the keynote stage at RSA Conference 2015, Johnson asked the audience of security professionals to show “indulgence” and “understanding” around encryption’s role as it relates to the concerns of the government.
“The current course towards deeper encryption is one that presents real challenges for law enforcement,” he said. “Imagine if, after the invention of the telephone, government could only access information from the US Mail.”
Johnson believes that his role at the Department for Homeland Security – an organization set up in the wake of 9/11 back in 2002 – gives him a unique insight into encryption and its role in national security.
He explained that, while the Department was set up primarily for the purposes of counter-terrorism, cybersecurity has, over time, emerged as an issue of equal importance when it comes to national defense: “Cybersecurity is a major priority for my boss President Obama, and it is a priority for the Department of Homeland Security.”
A consequence of the move to more advanced, widely implemented encryption technologies, Johnson argued, is that it is becoming “harder for the government to find criminal activity.” And while he paid lip service to the privacy concerns faced by individuals and companies, the impact of strong encryption to national security, Johnson said, is detrimental.
Security professionals and the technology community at large may well express a degree of skepticism over the proposals Johnson is making. However, his RSA speech was less strident than proclamations from officials such as US Attorney General, Eric Holder, who expressed vehement opposition to the current wave of strong smartphone encryption.
Johnson seems to recognize that enlisting the support of the security community is more effective than condemning the technologies it develops out of hand.
Indeed, Johnson’s plea for help from the security community was part of a speech where private sector/government collaboration and sharing was a dominant theme: “Cyber security must be a partnership between government and private sector,” he said. “I am enthusiastic and proud about the direction we are heading in.”
Johnson was referring to the move to foster greater intelligence-sharing via the NCIC between government and private sector. He aims to “see the NCIC move to a higher level.”
Currently the government is able to provide near real-time intelligence sharing with the private sector using the NCIC, Johnson explained. Later this year, he announced, the NCIC will be accepting cyber-threat indicators from the private sector in near real time.
In addition, the Department of Homeland Security will be opening an office in Silicon Valley to serve as a new point of contact with the private sector, Johnson said. The aim is to foster a greater relationship with private sector and also attract talent to the government. “I hope some of you listening will consider a tour of service for your country,” Johnson told the assembly at RSA.
A new initiative from the president, meanwhile, states that the legal protection will be offered to those who share intelligence with the NCIC.
Johnson praised a number of the executive orders announced by President Obama this year that have demonstrated the significant rise in cybersecurity up the national agenda.
Not only this, but Johnson also spelled out the US government’s desire for greater communication with the Chinese government on all things cyber.
“Though we have sharp differences with the Chinese government, we both recognize the need to make progress on a range of cyber issues, and we have agreed to further cybersecurity discussions,” he explained.