Another Leadership Shakeup at DHSSpaulding Tapped to Replace Beers as NPPD Undersecretary
What's most fascinating about the nomination of Suzanne Spaulding to be undersecretary of the Department of Homeland Security's National Protection and Programs Directorate is that many of those in the know didn't realize the post was vacant.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
The current undersecretary, Rand Beers, is serving as acting deputy secretary, temporarily filling the No. 2 post at DHS until the Senate confirms a successor to Jane Holl Lute, who resigned this spring. Normally, when the post is filled, the acting official returns to his or her old job. Spaulding is filling in for Beers as acting undersecretary.
The announcement of Spaulding's nomination appeared in a list of nominees the White House issued early evening on Aug. 1. Neither the White House nor DHS has made an official announcement about Beers' tenure.
"[It] seems interesting that they would make this nomination without any indication that Rand has resigned," says Mark Weatherford, who served beside Spaulding as one of two NPPD deputy undersecretaries until his resignation this past spring.
When queried, DHS says Beers is expected to remain in place as acting deputy secretary until the Senate confirms a replacement for Lute or her boss, Secretary Janet Napolitano, who's leaving her post in September [see DHS's Napolitano Resigns: The Impact].
President Obama nominated Alejandro Mayorkas, director of DHS's Citizenship and Immigration Services, to be deputy undersecretary, but his nomination has hit a roadblock as Republican senators seek more information about his dealings with companies run by Terry McAuliffe, a Democratic Party fundraiser who's running for governor of Virginia, and Hillary Clinton's brother.
NPPD is the DHS unit that's charged with developing and executing cybersecurity policies and initiatives within the civilian side of the federal government, including the sharing of cyberthreat information with the private sector.
In just the past few months, DHS leaders responsible for developing cybersecurity policy and programs have either left or announced their intentions to leave. Besides Napolitano, Lute, Weatherford and Beers, Bruce McConnell, senior counselor for cybersecurity and acting deputy undersecretary for cybersecurity - the post Weatherford held - will leave later this month [see Another Senior Cybersecurity Leader to Exit DHS].
DHS's Cybersecurity Leadership Role
With failure to get its legislative priorities passed by Congress, the Obama administration is using its executive authority to advance its agenda, including cybersecurity. And the administration has assigned DHS as the lead agency to develop cybersecurity programs on the civilian side of government, including working with the private sector.
For instance, DHS is working with non-military, non-intelligence agencies to deploy continuous monitoring and diagnostics to identify vulnerabilities and threats. Though the Commerce Department's National Institute of Standards and Technology is coordinating execution of President Obama's executive order to create a cybersecurity framework critical infrastructure owners could voluntarily adopt, DHS plays a critical role in developing those IT security best practices [see NIST Unveils Draft of Cybersecurity Framework].
Spaulding, if confirmed, faces a large number of challenges implementing the executive order. "The undersecretary will need to not only balance pressure from Congress, but also pushback from many industrial sectors that don't support anything beyond a purely voluntary and organic approach to cybersecurity," says Allan Friedman, research director at the Brookings Institution's Center for Technology Innovation. "At the same time, this initiative will take up much of the time of the leadership, so it's vital to have someone very familiar with the existing NPPD team."
As the Obama administration reaches out to business to adopt the cybersecurity framework, one industry leader sees a friend in Spaulding. "Suzanne ... seems to truly get the idea that there is a good deal of work that needs to be done to create a truly functional partnership," says Larry Clinton, chief executive of the Internet Security Alliance, a trade group. "Ms. Spaulding realizes the government needs to do more than just meet with the private sector; it needs to truly listen and access the tremendous expertise the private sector has to provide in our national security interest."
Will the departure of nearly every cybersecurity policymaker in a matter of months, with the loss of their institutional knowledge, weaken government cybersecurity efforts?
Not everyone agrees. "Regular departures from DHS over the years have disrupted efforts to develop a sustained national cybersecurity policy and capabilities," says Jacob Olcott, the former counsel to the Senate Commerce Committee who focused on cybersecurity.
But Greg Garcia, a former DHS assistant secretary for cybersecurity and communications, says the turnover at DHS is part of a typical cycle that every agency experiences. "There are numerous other DHS programs in place or in process that don't necessarily require political appointees to execute," Garcia says. "There is always a clamor for leadership at DHS, which is certainly important for developing new policy, but when new policy is in place, let the career professionals implement as they know how to do."
Friedman says a "small shakeup" now at DHS could avoid a much more disruptive set of departures in the future. "Many of the people leaving worked closely with recently departed Napolitano, and so [we] shouldn't be surprised when some of her leadership team departs with her," he says.
True Passion for Security
People who know Spaulding say she's well suited for the job. As deputy undersecretary, a position that did not require Senate confirmation, Spaulding's portfolio included the protection of the nation's critical infrastructure as well as identity management and verification. Before joining DHS, Spaulding served on cybersecurity and homeland security commissions and was a founder of the American Bar Association's Cybersecurity Legal Task Force.
Sony Chief Information Security Officer Philip Reitinger, who served as deputy undersecretary in the early years of the Obama administration, says Spaulding is an experienced and brilliant national security professional well-qualified to carry forward Beers' leadership. "Her deep understanding of counterterrorism, infrastructure protection and cybersecurity will serve DHS and the nation well," he says.
Those sentiments were echoed by Steven Chabinsky, the former deputy assistant director for cyber at the FBI: "Suzanne has that rare combination of incredibly broad experience in both the private sector and the government, tremendous intellect, a true passion for security and high energy that makes her a great selection for undersecretary."