VIDEO: Ex-DHS Secretary Chertoff on Modern Cybersecurity Landscape

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...


By Jimmy H. Koo

The cybersecurity threat landscape has intensified as attacks have grown more serious in recent years, Michael Chertoff, executive chairman of risk management company The Chertoff Group, told Bloomberg BNA in a recent video interview.

Everybody in the world has been touched by cyberattacks, and in many people’s minds, cybersecurity tops the list of security concerns, Chertoff said.

Before co-founding the eponymous company, Chertoff served in the George W. Bush administration as the second secretary of homeland security. Before joining the Department of Homeland Security, Chertoff served as a federal judge on the U.S. Court of Appeals for the Third Circuit.

Michael Chertoff
Cybersecurity Workforce

Cybersecurity is a “hot area,” and people in the information technology sector are increasingly migrating to cybersecurity positions, Chertoff said. That makes sense considering that IT professionals’ technology and engineering backgrounds tend to give them a “leg up on cybersecurity,” he said.

But “cybersecurity is more than coding,” Chertoff said. Cybersecurity professionals need to understand the nature of threats and the kinds of strategies necessary to protect themselves, he said. In order to address the national shortage of cybersecurity professionals, Chertoff said companies and government agencies should “take a wider view of the skill sets” they want for their cybersecurity professionals.

“One size doesn’t fit all,” Chertoff said.

Internet of Things Threats

The proliferation of internet-connected devices has linked consumers to the internet on an unprecedented scale. However, the rise of the always-connected culture has triggered a variety of cybersecurity threats.

The cybersecurity challenge isn’t insurmountable, but consumers need to be careful with internet of things devices, Chertoff said. Companies manufacturing these devices need to “build in security from the ground floor, not retrofit it,” he said.

Consumers need to recognize that, when connected to a network, internet of things devices become an “entry point” to that network—so network configurations and which devices are connected become important issues, Chertoff said.

In efforts to fight cybersecurity threats, the federal Cybersecurity Information Sharing Act (CISA) is “a start,” Chertoff said. CISA, which was enacted in 2015, facilitates the sharing of online threat data between the DHS and companies. It allows enterprises to take defensive action on their networks and also provides safe harbor for sharing threat information, he said.

Although information sharing is effective, Chertoff said it shouldn’t become mandatory, because each company has specific circumstances to take into account.

To contact the reporter on this story: Jimmy H. Koo in Washington at

To contact the editor responsible for this story: Donald Aplin at

For More Information

The full interview video is available at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security