WH national cyber director finalizing software liability proposals

Outgoing National Cyber Director Harry Coker says ONCD could also lead more efforts governmentwide on cybersecurity planning and response.

The outgoing White House national cyber director is highlighting the progress his office made over the last four years, while also queuing up key issues, like regulatory harmonization and software liability, for the incoming Trump administration.

White House National Cyber Director Harry Coker, speaking at the Foundation for the Defense of Democracies in Washington on Tuesday, ran down his office’s signature efforts, including the 2023 national cyber strategy and the push to establish minimum cyber standards for critical industries. Congress passed a law establishing the ONCD in 2021 to lead governmentwide cyber strategy and policy.

In addition to implementation of the national cyber strategy, ONCD also now plays a key role in establishing agency priorities for cybersecurity, while also advancing distinct issues ranging from memory-safe programming languages to the cyber workforce.

But as President-elect Donald Trump prepares to enter the White House, Coker said ONCD’s role among the various executive branch functions should be strengthened further.

“There’s still more that we can and should do in the cybersecurity landscape with regards to planning and response,” Coker said at today’s FDD event. “That’s an area where we ought to take on more responsibility.”

Coker also said ONCD’s relationship with the White House Office of Management and Budget “can grow and be strengthened.” The federal chief information security officer, who sits at OMB, is currently dual-hatted as the deputy national cyber director. ONCD and OMB have also collaborated on annual cybersecurity budget guidance over the last three years.

“It’s good to give budget guidance,” Coker said. “We need to give budget direction when it comes to cybersecurity. I would love for the incoming administration, or any administration, to recognize the priority of cybersecurity. It’s a responsibility that every department and agency needs to stand up to. We need to give more than guidance when it comes to the cybersecurity budget.”

Meanwhile, the incoming Trump administration already has a litany of cyber incidents it will have to pick up on day one, including the Salt Typhoon telecom intrusions and the recent Treasury Department hack.

President Joe Biden last week also signed out an executive order on succession planning for ONCD.

“The ONCD team will serve the American people in the Trump administration and beyond with dedication and excellence,” Coker said during his remarks. “My ONCD colleagues don’t know any other way.”

Cyber regulatory harmonization

While the Biden administration has championed setting cyber requirements for critical infrastructure, Coker also pointed to a need to address “duplicative regulation.”

He highlighted his office’s push for cyber regulatory harmonization. ONCD led a request for information from industry and advocated for a “comprehensive policy framework” to address harmonization.

The Senate Homeland Security and Governmental Affairs Committee last year passed a bill that would have put the national cyber director in charge of a governmentwide cyber regulatory harmonization committee. But the bill did not go any further before the end of the congressional session.

“Many of us were disappointed that this has not become law yet, but we have laid the groundwork for the next administration and Congress to do the right thing for our partners in the private sector,” Coker said. “They understand that to undo regulatory harm, we need regulatory harmonization.”

Cyber associations, industry groups and expert panels have called for regulatory harmonization to be a top cybersecurity priority for the next administration.

A key aspect of the HSGAC regulation would bring independent regulatory agencies, such as the Federal Communications Commission and the Securities and Exchange Commission, into the committee.

Comparing cybersecurity regulations to building codes, Coker added, “building codes should not be in conflict with each other.”

Software liability

Coker said his office is also finalizing policy recommendations for software liability.

Biden’s cyber strategy called for establishing a liability regime for software products and services. The aim is to hold companies liable for poor software security practices, while establishing legal safe harbor for those that follow secure development standards.

“We’ve developed options to address the hard legal problem of software liability,” Coker said. “Now this is a tough, tough challenge with enormous consequences for IT companies, as well as for American businesses and consumers.”

Coker added that ONCD has developed “a range of detailed potential policy approaches that are ready for the incoming administration and Congress to consider.”

Speaking to reporters after the event, Coker said his office is still finalizing the liability recommendations.

“What I expect is a set of options on various extremes, and balance is always key,” Coker said. “But what we have learned is that some parts of industry want software liability. I need to use a software capability from that company over there, but you’re going to blame me for its failure? So there is a stream there that some companies do want a level of software liability.”

Cyber workforce

ONCD has also played a major role driving forward cyber workforce initiatives across government. In 2023, it released a national cyber workforce and education strategy.

Coker said more than 180 organizations have since made commitments to hire more than 35,000 workers and invest $110 million to expand cyber training and education.

ONCD also advocates for opening many cyber jobs to “skills-based hiring,” as opposed to relying on degree qualifications. ONCD is supporting the Office of Personnel Management under an initiative to transition nearly 100,000 federal IT jobs to skills-based hiring.

“The skills-based approach is the way to go, and we can develop those skills well short of four years,” Coker said. “We are not saying don’t go to colleges and universities for four-year degrees. We are saying, let’s expand the pathway, expand the talent pool. Many Americans don’t have the time or the means to go to college for four years, but they can do it for two years or less. We’re expanding the avenues of coming into a cyber career.”

Copyright © 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
