Good, but could be better.
That was the consistent assessment Kirstjen Nielsen gave the Homeland Security Department’s cyber mission during her confirmation hearing Wednesday to be the department’s sixth leader.
Nielsen praised Homeland Security’s work helping to secure critical infrastructure against cyberattacks but pondered additional government efforts to help secure high-value information, such as citizens’ medical information.
She also spoke highly of Homeland Security efforts to share cyber threat information with the private sector but pledged to add more context to that information as secretary, echoing recent criticisms by the department’s own inspector general.
Nielsen defended Homeland Security’s efforts to share cyber threat information with state election officials but stopped short of guaranteeing that Russia will not be able to meddle with the 2018 midterm election as it did with 2016’s presidential election.
“I can’t answer that now. I certainly hope so,” Nielsen told Sen. Maggie Hassan, D-N.H. “That should be the goal. We should work and use everything we can to ensure that that does not occur.”
If confirmed, Nielsen will enter office with the longest cyber track record of any permanent Homeland Security secretary, having worked as a cybersecurity and critical infrastructure consultant in the private sector and on President George W. Bush’s Homeland Security Council.
She will also be the first secretary with a history at the department where she was former Secretary John Kelly’s chief of staff.
Nielsen demonstrated her extensive background in government cybersecurity under questioning from the Senate Homeland Security Committee Wednesday and in response to written queries, deftly answering questions about ransomware and critical infrastructure protections.
She signaled few major shifts from the status quo, however, mostly promising increased vigilance against an ever-growing cyber threat.
Nielsen endorsed a longstanding desire by Homeland Security’s cyber and infrastructure protection wing, the National Protection and Programs Directorate, to change its name to something that sounds less inscrutable.
She also committed to beefing up the department’s cyber workforce and to redouble efforts to recruit and retain top cyber talent.
Nielsen said she’d consider a cyber version of FEMA’s Surge Capacity Force program, which pulls federal employees from other departments and agencies to help respond to a natural disaster.
She even described questioning poll workers about the vote scanning machine she used in Tuesday’s elections in Virginia
“Cyber criminals and nation states are constantly looking for ways to exploit our hyper-connectivity and our reliance on IT systems,” she said, adding that “my cybersecurity experience in both the public and private sector has prepared me well for the multifaceted challenge that is increasing our resilience to cyberattacks.”
The Senate committee is scheduled to vote on Nielsen’s nomination Thursday.