Cyber policy gurus are urging the incoming Trump administration and Congress to elevate the role of the White House Office of the National Cyber Director, taking aim at perceived power struggles between ONCD and the National Security Council.

The role of ONCD has emerged as an immediate cyber policy priority for outside advocates heading into the new administration. They argue a stronger national cyber director would be better positioned to respond to major cyber incidents and coordinate federal cybersecurity regulations.

The issue was highlighted by Auburn University’s McCrary Institute prior to the presidential election. And this week, the Center for Cybersecurity Policy and Law offered detailed recommendations for strengthening ONCD in a new report.

Since being established by law in 2021, “ONCD has matured into one of the several key components of the U.S. government’s policymaking apparatus for cybersecurity — across both the government and the private sector,” the CCPL writes in the report.

The office has led implementation of the Biden administration’s cyber strategy and brought White House attention to specific cybersecurity challenges, like workforce and education.

“However, several changes are needed to ensure the efficacy of the office, especially as it relates to these other relevant agencies within the U.S. government,” the report adds.

The report homes in on the relationship between ONCD and the National Security Council. Prior to the national cyber director being established as a Senate-confirmed position, the Biden administration created the role of the deputy national security advisor for cyber and emerging technology to coordinate federal cyber efforts.

“The balance and boundaries between the DNSA role and the NCD remain unclear, and collaboration between the two offices lacks organization and structure,” the report states.

Internal clashes between DNSA Anne Neuberger and the first National Cyber Director, Chris Inglis, reportedly led Inglis to resign from the job less than two years after being appointed.

The CCPL report recommends Congress codify the national cyber director’s role as the U.S. government’s “lead external-facing cyber official.” The report argues the role should be like that of the U.S. Trade Representative.

“ONCD should be considered the primary advisor to the president on most unclassified cybersecurity-related issues,” the report states. “This would extend to any policy intended to specifically improve the cybersecurity posture of the U.S., including regulatory harmonization efforts, public-private partnerships,  and coordination of domestic incident response.”

The report also recommends dual-hatting a senior official at ONCD as a senior director in the National Security Council’s cyber directorate.

Need for clarity among cyber roles

During an event hosted by the Cybersecurity Coalition in Washington on Thursday, current and former officials expanded on the relationship between ONCD and NSC. Several suggested the national cyber director’s office could take over the interagency “Cyber Response Group” from the NSC.

“Specifically in the cyber domain, that’s what ONCD focuses on,” Julie Klein, former principal senior advisor at ONCD, said during the event. “NSC is dealing with things beyond cyber, all tools of national power and have other pieces of conflict brought into them. And so I think in a situation that’s bigger than just cyber, it makes sense for the NSC to maintain those responsibilities, but ONCD is uniquely suited to focus on the specific cyber pieces.”

Steve Kelly, former FBI and NSC cyber official, also highlighted how the White House establishes a “unified coordination group” in response to a significant domestic cyber incident.

“That’s another question, actually, where the ONCD might have even a much stronger role in coordinating a large scale response and making sure that the various departments and agencies and coordinating with the private sector, that all the right things are happening,” Kelly said.
“And so I think that there’s a lot of opportunity to work on what those roles and responsibilities are, but I think that needs to be put into writing to there can’t be confusion as to who’s running what when the time comes.”

Phil Stupak, who currently serves as assistant national cyber director for government partnerships, said ONCD’s involvement in recent cyber events, such as the CrowdStrike incident, have demonstrated how the office has developed good relationships with the NSC and other White House organizations.

“I do think that some clarity could come here, perhaps more so than any other space,” Stupak said. “But what’s working right now is the fact that we have good connectivity built in across these various tools.”

But former officials also highlighted how the presence of multiple cyber leaders across the U.S. government can lead to confusion within agencies. Kelly pointed to the federal chief information officer, the director of the Cybersecurity and Infrastructure Security Agency and the director of the National Security Agency as examples.

“I think for the for the NCD to be able to fulfill the fullness of the vision, we actually need some of those other leaders to, in terms of their public posture, step back about a half a notch, because right now there are a lot of chiefs,” Kelly said. “And so we do need a bit of a rebalancing around that idea of the public face of the U.S. government cyber mission. Not just as a marketing opportunity, but as a true mission integrator.”

Salt Typhoon effect

During a separate event hosted by the Center for Strategic and International Studies on Monday, former deputy national cyber director Rob Knake also suggested shifting cyber incident response to from the NSC to the ONCD.

“It should not be somebody on the NSC,” Knake said. “The day-to-day management of that crisis, I think needs to happen at the NCD, which is staffed and has the authorities to do that, that are much clearer for NCD than they are for the NSC.”

The incoming Trump administration will be faced with the fallout from the Salt Typhoon cyber attack against major U.S. telecommunications providers. The incident will provide an early test of how the new Trump White House deals with a major cyber incident.

But Knake said the incident could also convince the incoming administration to maintain the status quo.

“If you’re beginning with a crisis, which I think Salt Typhoon is turning into, you can put somebody in the [deputy national security advisor] role full time in a non-acting capacity on day one,” Knake said. “NCD is a Senate confirmed position. So we could end up in an unfortunate situation in which the Trump team says we’re going to keep both these roles, and we will continue to have this power struggle.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.