The White House finally moved to fill two of the remaining and most important technology leadership roles in government.
President Joe Biden said yesterday he plans to nominate Chris Inglis, the former deputy director of the National Security Agency, to be the new national cyber director in the White House, and Jen Easterly to lead the Cybersecurity and Infrastructure Security Agency in the Department of Homeland Security.
Insight by Confluent: Learn about how agencies are benefitting from that concept of data-in-motion to improve mission outcomes in this exclusive e-book.
These two positions, along with the Energy Department’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), were among the most prominent unfilled roles in the Biden administration.
Energy also announced yesterday Puesh Kumar will serve as acting principal deputy assistant secretary for CESER.
The president also plans to nominate John Tien to be deputy secretary and Robert Silvers to be the undersecretary for strategy, policy and plans at DHS.
Both Inglis and Easterly come from the private sector, but have deep ties in government. The Senate has to confirm both to their respective roles.
“If confirmed, Chris and Jen will add deep expertise, experience and leadership to our world-class cyber team, which includes the first-ever Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger, as well as strong, crisis-tested professionals from the FBI to ODNI to the Department of Homeland Security to U.S. Cyber Command and the National Security Agency. I’m proud of what we are building across the U.S. government when it comes to cyber,” said Jake Sullivan, the National Security Advisor, in a statement. “We are determined to protect America’s networks and to meet the growing challenge posed by our adversaries in cyberspace — and this is the team to do it.”
Along with Senate confirmation, the next step is for the White House to complete its 60-day review of the new cyber director position.
Rep. Jim Langevin (D-R.I.) said in an interview with Federal News Network that the White House’s review will help better outline the scope of the new cyber position.
“Looking at this holistically, what I know is important to Chris and to me, is we now have a point person in charge that will coordinate our cyber defensive strategies and a person who now has the policy and budgetary authority to reach across government and compel departments and agencies to step up their game on cybersecurity and make sure they are addressing vulnerabilities,” he said. “The closest we had before was a cyber coordinator, but they lacked policy and budget authority or any teeth. It was more of a coordinating role. This is a position with the right authorities and will make a big difference for the country writ large.”
Langevin praised both pending nominations, having worked with Inglis in the past both during his time at NSA and as a commissioner on the U.S. Cyberspace Solarium Commission.
Easterly also worked at NSA as the deputy for counterterrorism as well as the White House during the Obama administration as the special assistant to the president and senior director for counterterrorism.
Before returning to federal service, Easterly was the head of firm resilience and the fusion resilience center at Morgan Stanley where she was responsible for ensuring preparedness and response to operational risks to the firm.
She also served as the cyber policy lead for the Biden-Harris Transition Team.
Easterly takes over for Chris Krebs, who was forced out by the White House in November.
She will run a CISA organization that has transformed over the last decade. It now has more authorities to oversee federal networks through tools like Binding Operational Directives (BOD) and threat hunting, which came to CISA in January as part of the Defense authorization bill.
CISA also is the beneficiary of Congressional support to the tune of $650 million in new funding from the American Rescue Plan. The Biden administration also is asking for another $110 million for CISA in the fiscal 2022 budget.
Want to stay up to date with the latest federal news and information from all your devices? Download the revamped Federal News Network app
Even with both Inglis and Easterly’s nominations and expected confirmations, they still do not answer the question of who is ultimately responsible for federal cybersecurity.
Lawmakers in February called the current approach clunky and inadequate.
“I am encouraged to see the intent to nominate a director for the helm of our nation’s lead federal civilian cybersecurity agency. Ms. Easterly brings substantial credibility and a reputation of working productively between government and the private sector to increase the cybersecurity resilience of the nation,” said Rep. John Katko (R-N.Y.) ranking member of the Homeland Security Committee, in a release. “On the heels of the SolarWinds cyber campaign and the compromise of the Microsoft email server, CISA has found itself at the forefront of two significant, national cyber incidents in just the last few months. As a nation, we are at a crossroads in our strategy to defend and secure the .gov cyber space, and strong leadership is essential. I continue to call on President Biden to support desperately-needed changes to allow CISA more centralized, real-time visibility into the entirety of the civilian .gov and put CISA on a much needed path to becoming a $5 billion agency.”
Langevin said the White House cyber director has been a position he has been trying to create for more than a decade, in part to address the lack of centralized oversight and authority. He said Inglis will be the point person dealing with both internal and external to government cyber threats and challenges.
He said Easterly needs to focus on building CISA cyber capabilities.
“Right now they rely heavily on defense support of civil authorities, which is fine because they get the support they need,” Langevin said. “But going forward, we can’t and we should not rely on defense support civil authorities. For CISA to effectively fulfill their mission, it needs to grow its own cyber capabilities and we look forward to supporting that.”