Cybersecurity Is 'The No. 1 Threat to Our Nation': Jeh Johnson's Legalweek Keynote

Former Homeland Security head Jeh Johnson was a keynote speaker at Legalweek at the New York Hilton Hotel in New York on Tuesday, Jan. 30, 2018. (Photo Credit: David Handschuh/NYLJ)

Jeh Johnson has led an illustrious career by any measure—having served as both U.S. secretary of Homeland Security and the general counsel for the U.S. Department of Defense, he's been at the forefront of efforts against major threats against the United States.

So what, among these threats, does Johnson deem the most dangerous? As he put it: “I'd have to say cyber threats are the No. 1 threat to our nation.”

“It's not just a threat. It's a daily ongoing, minute by minute, hour by hour, series of attacks,” he said. “There have been cyberattacks on the homeland since I walked into this room an hour ago.”

At the Jan. 30 keynote “Addressing Existential Threats: Surviving Turbulent Times and Finding a Way Forward” at Legalweek New York 2018, Johnson talked about his experience in addressing cybersecurity challenges and his views on the roles of government and organizations in managing threats. Among the organizations discussed were law firms, which he described as “pretty good” at security, “at least for those who have chosen to invest in it.”

“Security of an information system, of our email, is only as good as its weakest link. The most devastating cyberattacks by the most sophisticated actors often occur through a simple act of spear phishing,” he said.

“Educating those who use our systems about the evils of spear phishing can go a long way. I've seen it myself,” he added.

Speaking on the sorts of security threats of which legal professionals should be aware, Johnson explained that the types of “sensitive information” law firms possess from their clients—upcoming mergers and acquisitions, trade secrets, client competencies, for example—broaden their net of potential attackers.

“We're not just talking about nation-state actors, but those who seek to get a competitive edge,” he said. “So law firms in particular are not immune, and we need to rededicate and remind ourselves constantly that we're in possession of very, very valuable information for our clients.”

Johnson also noted that at times in his career, he felt disheartened about hackers being ahead of those trying to ward them off.

“It's always easier to be on offense than defense,” he said noting that when it came to security, the DHS was “always the goalie trying to block the shots.”

Yet, he noted, the DHS has done much more work fighting off hackers than people tend to realize. Often, he said, the press doesn't hear about the success stories. “You hear about the failure. You don't hear about the 10,000 successes because the media is more interested in defenses.”

Johnson has also worked in Big Law. Currently, he's a partner in Paul, Weiss, Rifkind, Wharton & Garrison's litigation department. Commenting on advising clients threatened by cyberattacks and “overreach of the discovery process,” he noted “we like to divide our lives into pre- and post- [cyber] events.”

“In pre-event, we try to advise clients about ways in which you could mitigate, prevent and  minimize the fallout. Frankly, in my view, not enough clients take advantage of advice to prevent rather than advise once the event has occurred.”

Outside of cybersecurity, Johnson also discussed the state of legal technology, noting that when he came out of law school, lawyers were still doing all of their research with books. “Now, we have targeted research [technology] where the association can come back with the precise legal proposition you're looking for. My concern is that in doing this very targeted high-technology research,  we tend to miss a lot of other things that are closely related.”

“We deal with each other less and less in person, and I think there's value to that kind of collegiality in law firms,” he added.

Johnson also discussed his views on President Donald Trump's administration, noting that in 2016, as the director of national intelligence, he'd “pointed the finger at the Russian government in October 2016 for trying to interfere in our election.”

The threat, he says, “is going to get worse before it gets better.”

“Bad cyber actors … are increasingly aggressive and tenacious and ingenious, and we have yet to turn the corner in dealing with the cyberthreat to our nation. Those of us on defense struggle to keep up, and it's going to get worse before it gets better.”

Johnson said that his June 2017 testimony before the House Intelligence Community about the alleged Russia hacks got more attention than any of his other testimonies. Speaking of the attacks, he said, “like many Americans, I watch with growing alarm and despair as the American presidency now degenerates into a reality TV show. We watch as Washington continues to drown in partisan dysfunctional politics. It has become the ends, not the means, and the standards of behavior of our national leaders spirals downward.”

“This may be what the American people have come to expect of their political  leadership. We watch as a new standard of behavior trickles down into American politics,” he added.