Janet Napolitano’s Approach to Defending Cyberspace

Janet Napolitano. Photograph courtesy of Wikimedia Commons.

Here’s something that may surprise you: Homeland Security Secretary
Janet Napolitano, who’s in charge of
protecting many of the government’s cyber networks from hackers
and spies, doesn’t use e-mail. “For a whole host of reasons, I
don’t have any of my
own accounts,” Napolitano said during an interview last week at
the Newseum.

“Some would call me a Luddite,” she said, describing her decision as “my own personal
choice.” Napolitano didn’t encourage others to follow her lead, and she acknowledged
the obvious about her decision to stay off the grid: “I’m unique in that regard, I
suspect.”

I had imagined Napolitano would be the model for a
digitally-protected 21st-century
executive. This is, after all, the Obama administration’s point
person of late in
its efforts to pass new cybersecurity legislation and to
fashion an executive
order

for improving security in the nation’s critical
infrastructures, some of which are
especially vulnerable to digital
mischief.

I thought Napolitano would have separate, hard-to-guess
passwords for her iTunes and
Amazon accounts, two-step authentication for her e-mail. She’s
in regular contact
with the director of the National Security Agency, home of the
world’s greatest codebreakers
and codemakers. Can’t they get her a super-secure smartphone
like the one they gave
the President?

But then, Napolitano is hardly the first Cabinet secretary who isn’t fluent in the
technical aspects of the vast domain she manages. Her career has been spent running
large organizations, most recently the state of Arizona, where she served as governor
from 2003 to 2009. Now, in Washington, Napolitano’s personal attitude towards cyberspace
mirrors how she’s positioning her department.

Homeland Security is becoming, as Napolitano described it, the “hub” of a wheel, and
the various spokes are the many other agencies in the government with some stake in
cybersecurity. Chief among them is the NSA, but there’s also the Defense Department
and the military, the FBI, and the CIA, just to name a few of the more influential
prongs. These organizations employ people whose job
is to know how networks function so they can defend
them or, when called upon, wreak
havoc inside
them.

Napolitano wants DHS to be a convener of this expertise for protecting civilian government
networks and certain critical infrastructures, such as the energy sector. What this
means in practice is that the department won’t be doing the nitty-gritty work of cybersecurity
so much as managing it. (Or trying to, anyway.)

In this sense, it’s not at all surprising that Napolitano herself keeps a distance
from the very infrastructure she’s trying to protect. She doesn’t need to know how
to build a cyber network. She needs to know how to protect one. Those are distinct
skills. And she’ll be judged by how well she does the latter.

Shane Harris