Jeh Johnson knows all too well how important security is. As the secretary of the U.S. Department of Homeland Security, Johnson not only is responsible for protecting the nation from terrorists, he's also accompanied by a secret service detail everywhere he goes.
There was a time when that kind of physical security was enough, but the world has changed. During a keynote at the RSA Conference in San Francisco Tuesday, Johnson told thousands of attendees that he was reminded of this during a recent visit to his daughter's college. Before he headed to the campus, Johnson's daughter asked him to dial back his "entourage" so as not to embarrass her. Given the low-risk nature of the visit, he agreed.
Alas, within moments of his arrival, posts about his presence started appearing on Yik Yak, the anonymous campus social media platform.
"Secret security on campus. What up?"
"Hey, it's the fake Obama. He's the head of Homeland Security, yo."
And, finally, "Gee, that's bad, she'll never get a date in 4 years."
In other words, his reduced security detail couldn't prevent students armed with smart phones from leaking his whereabouts, nor could his shrinking that detail protect his daughter from digital embarrassment. Such are the times we live in, when technology has yielded a host of threats we can't see.
Which is why, Johnson said, even though DHS's primary mission has been counter-terrorism, "In 2015, cybersecurity has become a mission of equal importance."
More specifically, DHS is looking upon the National Cybersecurity & Communications Integration Center as the foundation of the agency's cyber security efforts going forward. The five-year-old NCCIC, or "N-Kick" as it's more commonly referred to, is a 24-by-7 warning center that consolidates intelligence from the DHS's various cyber facilities.
It also is intended to be a portal through which the private sector can share security intelligence, but Johnson wants to see N-Kick succeed much more as a primary vehicle for private industry to share cyber threat indicators.
"Cybersecurity must be a partnership between government and the public sector," he said.
To that end, Johnson said he's expecting to hire a high-profile director who will be charged with expanding the center's reach — and, hopefully, its impact.
"This is the importance I place on N-Kick and our cybersecurity position," he said.
Johnson also said he'd recently met with cybersecurity ministers in China, and that the resulting meeting of the minds has led to a desire to have further discussions about working together to combat threats.
That said, Johnson also understands that all the cybersecurity efforts in the world will be rendered ineffective unless the people returning from events like RSA Conference share best practices with their peers both inside and outside of their companies. He borrowed a tired cliché to make his point: "We're only as strong as our weakest link."
In other words, uneducated users will continue to undermine even the most comprehensive security programs.
"The most sophisticated companies and government agencies remain vulnerable to the most basic act of spear phishing," he said.
Even the most powerful threat intelligence-sharing engine in the world is probably powerless to change that, but it certainly can't hurt.