President Biden nominated two former National Security Agency officials to oversee federal cybersecurity policy on Monday, including the nation’s first cyberdirector.
The appointments come as lawmakers are confused about who in the federal government is accountable for cybersecurity and what cybersecurity officials are doing to improve the nation’s cyberdefenses.
Mr. Biden named former National Security Agency Deputy Director John C. Inglis as the nation’s first national cyberdirector and former NSA official Jen Easterly to lead the Cybersecurity and Infrastructure Security Agency (CISA).
The selection of new cybersecurity leadership will immediately face two major cyber intrusions afflicting the public and private sectors, namely the SolarWinds hack of computer network management software and the Microsoft Exchange servers hack.
The U.S. government has identified Russia as the likely culprit of the SolarWinds hack compromising nine federal agencies, while Microsoft has said China-based cyberattackers preyed on its Exchange servers.
Much remains to be determined about the job responsibilities of the national cyber director. Congress created the Senate-confirmed “National Cyber Director” position in a 2020 defense bill, and it has remained open in advance of Mr. Biden‘s anticipated appointment.
He previously selected Anne Neuberger, deputy national security adviser for cyber and emerging technology, to oversee the federal government’s response to the SolarWinds hack.
The federal government’s handling of the ongoing cyber problems has befuddled lawmakers. Last week, Sens. Gary Peters, Michigan Democrat, and Rob Portman, Ohio Republican, wrote to the Office of Management and Budget, requesting a “list of roles and responsibilities for federal cybersecurity” so that lawmakers would understand who is accountable and responsible for cybersecurity across the agencies of the federal government.
Four lawmakers pushed for the new cyber director position as part of the Cyberspace Solarium Commission’s recommendations.
Reps. Jim Langevin, Rhode Island Democrat, and Mike Gallagher, Wisconsin Republican, and Sens. Angus King, Maine independent, and Ben Sasse, Nebraska Republican, are members of the commission that has sought an overhaul of national cyber policy hearkening back to the Eisenhower administration’s secret Project Solarium study that developed options for confronting the Soviet Union during the Cold War.
The commission’s four lawmakers praised Mr. Inglis and Ms. Easterly on Monday.
The lawmakers said Mr. Inglis was “instrumental” in creating the cyber director position he was appointed to fulfill.
“Chris’s greatest contribution was his clarity of vision for a future of stability and security in cyberspace, one where the public and private sectors work side by side in this critical area,” the lawmakers said in a statement. “The job will be tough, but there is no one more qualified than Chris.”
The lawmakers also said they worked with Ms. Easterly in developing their recommendations for cyber policy.
“Jen provided valuable feedback throughout the Solarium Commission’s strategy development sessions as one of our ‘red team’ members. Her incisive mind and tenacity will be great assets to CISA as it continues to mature,” the lawmakers said. “Strengthening CISA is an essential part of the Solarium strategy and Jen is just that — a strong pick.”
Some cybersecurity professionals have raised doubts about the necessity of a cyber director and how that person would work alongside Ms. Neuberger.
Dmitri Alperovitch, co-founder of the Silverado Policy Accelerator that seeks to enact new tech policy, has questioned the utility of the new position.
“It was a huge overreaction I believe to the frankly dumb decision by [former national security adviser John] Bolton at the time to get rid of this role of cyber coordinator,” Mr. Alperovitch said on Steptoe & Johnson’s Cyberlaw Podcast earlier this year. “Clearly we need someone in the White House that’s senior to coordinate cyber and as a result, the Congress — as it often does — oversteered and created this role when the Biden administration during the campaign, post-election, the transition team was already telling Congress, ‘Don’t do this please, we’re going to fix it ourselves. We’re going to create this position of deputy national security adviser for cyber,’ which they did.”
• Ryan Lovelace can be reached at email@example.com.
Copyright © 2022 The Washington Times, LLC.