Here’s something that may surprise you: Homeland Security Secretary Janet Napolitano, who’s in charge of protecting many of the government’s cyber networks from hackers and spies, doesn’t use e-mail. “For a whole host of reasons, I don’t have any of my own accounts,” Napolitano said during an interview last week at the Newseum.
“Some would call me a Luddite,” she said, describing her decision as “my own personal choice.” Napolitano didn’t encourage others to follow her lead, and she acknowledged the obvious about her decision to stay off the grid: “I’m unique in that regard, I suspect.”
I had imagined Napolitano would be the model for a digitally-protected 21st-century executive. This is, after all, the Obama administration’s point person of late in its efforts to pass new cybersecurity legislation and to fashion an executive order for improving security in the nation’s critical infrastructures, some of which are especially vulnerable to digital mischief. I thought Napolitano would have separate, hard-to-guess passwords for her iTunes and Amazon accounts, two-step authentication for her e-mail. She’s in regular contact with the director of the National Security Agency, home of the world’s greatest codebreakers and codemakers. Can’t they get her a super-secure smartphone like the one they gave the President?
But then, Napolitano is hardly the first Cabinet secretary who isn’t fluent in the technical aspects of the vast domain she manages. Her career has been spent running large organizations, most recently the state of Arizona, where she served as governor from 2003 to 2009. Now, in Washington, Napolitano’s personal attitude towards cyberspace mirrors how she’s positioning her department.
Homeland Security is becoming, as Napolitano described it, the “hub” of a wheel, and the various spokes are the many other agencies in the government with some stake in cybersecurity. Chief among them is the NSA, but there’s also the Defense Department and the military, the FBI, and the CIA, just to name a few of the more influential prongs. These organizations employ people whose job is to know how networks function so they can defend them or, when called upon, wreak havoc inside them.
Napolitano wants DHS to be a convener of this expertise for protecting civilian government networks and certain critical infrastructures, such as the energy sector. What this means in practice is that the department won’t be doing the nitty-gritty work of cybersecurity so much as managing it. (Or trying to, anyway.)
In this sense, it’s not at all surprising that Napolitano herself keeps a distance from the very infrastructure she’s trying to protect. She doesn’t need to know how to build a cyber network. She needs to know how to protect one. Those are distinct skills. And she’ll be judged by how well she does the latter.