Homeland Security's Top Cybersecurity Official Resigns

Phil Reitinger, the point man on cybercrime at Homeland Security, decides it's time to move on


Phil Reitinger, the Department of Homeland Security's top cyber and computer crimes official, is resigning just days after the administration launched its most ambitious cybersecurity initiative.

"I have decided that the time has come for me to move on from the Department," Reitinger wrote in an e-mail to DHS employees this afternoon. Reitinger, who, as deputy undersecretary in DHS's National Protection and Programs Directorate, was the department's senior interagency policymaker, said in an interview with National Journal that the timing of his announcement was not meant to signal any disapproval with the White House.

"I am fully supportive of the direction the administration is going. Because there has been a recent spate of announcements, because I think we've made a lot of progress, because I think we've built a good team, now is the time for me to leave some of the execution and further development to the team," he said.

Reitinger said he wants to spend the summer with his family - he has young children and he's been working in cyber security "since they were born."

He will step down on June 3. On Monday, four Cabinet secretaries unveiled a joint strategy for international cybersecurity coordination, and last week, the administration sent detailed legislative guidance to Congress on a number of critical issues. Reitinger told National Journal he is most proud of the team he put together.

His biggest concern upon departure, he said, is the "challenge" of "keeping cyber on the front burner."

"It's easy to say, 'well, we've made progress, let's go do something else.' We cannot do that. We have to stay focused like a laser beam," Reitinger said.

The DHS cyber team has monitored a surge of major cyber attacks in the private sector, with crises like the penetration of Google by Chinese hackers, aggressive attempts to break into NASDAQ's computers, and most recently, an audacious but simple infiltration of RSA, a top cybersecurity company perhaps best known for its SecurID computer security product.

"Phishing" - in which hackers use spam to lure their targets into opening up hidden malware on their work computers, giving up access to larger networks, remains the favorite tool of cyber-criminals.

Some in Congress want to elevate the position Reitinger held to a Senate-confirmable deputy with broader powers, and to give DHS's cybersecurity programs their own directorate. Since DHS was given the responsibility to protect the homeland from cyber threats, as well as direct authority to protect dot.gov domains from intrusions, it has competed for resources and attention with the Department of Defense, which stood up an entire cyber command and has the mighty computers of the National Security Agency at its fingertips. In October, DHS signed a groundbreaking memorandum of agreement with the Department of Defense, a statement of principles acknowledging that while the different departments had different legal duties, "we want to be able to work together as one team." In practice, that means that DHS and DOD cyber scientists and engineers work at each other's facilities.

Reitinger participates in a weekly secure video teleconference with officials from the Pentagon and other agencies. The domestic-focused orientation of senior DHS cyber managers conflicts with the military bearing of DoD cyber warriors, and concerns about data storage, privacy, and threats that cross domains continue to vex policymakers. Also, DHS wants to hire the best cybersecurity engineers and scientists, and has boosted pay in order to make the jobs more attractive than those in the private sector, which anticipates billions of dollars worth of growth in the cyber-protection realm.

DHS's National Cyber Security Division provides warning and advice to the government and private sector about potential threats through its National Cybersecurity and Communications Integration Center, runs exercises to test the government's response to major intrusions, and has completed guidelines for the feds to follow in the event of a cyber-emergency.

Reported friction between DHS and other government agencies has diminished under the watch of White House senior director for cyber policy Howard Schmidt, who was charged by President Obama with de-conflicting and streamlining cyber response and policy priorities associated with it. Last week, Schmidt sent to Congress detailed guidance from the White House about legislation to establish a formal way to protect and certify the nation's critical private infrastructure, as well as formally give DHS authority over the dot.gov domain.

Rand Beers, Reitinger's direct superior at DHS, wrote in an e-mail to employees that Reitinger's "leadership, intellectual rigor, enthusiasm, and commitment to the mission and the people of NPPD have been a central feature in making our organization better. I, in particular, will miss him as a true partner in our work here. But we all move on eventually and organizations have to adapt."

Correction: an early version of this article misstated the number of children Reitinger has and the number of  participants on a weekly video conference call.

Image: Hyungwon Kang/Reuters