U.S. Cybersecurity Strategy: President Biden Executive Orders, Legislation, Leaders and More
President Joe Biden is overhauling the U.S. cybersecurity strategy and leadership. This blog, updated regularly, tracks how the U.S. federal government, Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), Department of Defense (DoD), Department of Justice and other agencies are evolving their leadership, cyber defenses and risk mitigation strategies to protect U.S. infrastructure.
The ongoing updates, outlined below, also point out key developments and deadlines involving IT service providers and MSSPs that work with the federal government.
May 12, 2o21: President Biden signed a cybersecurity executive order that has implications and deadlines for IT service providers that work with the federal government.
April 15, 2021: The Biden administration launched sanctions against Russia to punish the country for allegedly launching the SolarWinds Orion cyberattack and interfering in U.S. presidential elections.
April 12, 2021: President Biden is expected to name two former National Security Agency officials to high-level cybersecurity positions today. Mr. Biden is expected to nominate Jen Easterly to lead the CISA. Separately, Chris Inglis, the former deputy director of the NSA, is expected to be nominated as the first ever national cyber director. Earlier rumors from January 2021 had mentioned Easterly for the national cyber role. Source: The Wall Street Journal, April 12, 2021.
March 29, 2021: Multiple updates…
- National Cybersecurity Director – Still Pending: More than two months into the Biden presidency, the White House has yet to nominate a national cyber director to centralize federal cybersecurity policy. Source: MSSP Alert, March 29, 2021.
- Russia Allegedly Hacks Homeland Security: Alleged Russian hackers apparently accessed email accounts belonging to the Trump administration’s head of the Department of Homeland Security and DHS cybersecurity staff members whose jobs included hunting threats from foreign countries. The DHS email hacks allegedly trace back to the SolarWinds Orion attack. Source: The Associated Press, March 29, 2021.
March 26, 2021:
- Homeland Security Advisors Fired: The Biden administration has fired 32 members of the Homeland Security Advisory Council, POLITICO reports. The removal of the members, who were unpaid, suggests that the Biden administration is continuing to put its stamp on DHS, whose Immigration and Customs Enforcement component early on resisted a move to do a temporary halt on deportations. The firing also comes as the Biden administration struggles to address a migrant surge at the border. Source: Politico, March 26, 2021.
March 25, 2021:
- Breach and Hack Disclosures Required?: A planned Biden administration executive order will require many software vendors to notify their federal government customers when the companies have a cybersecurity breach. Source: Reuters, March 25, 2021.
Thursday, February 4, 2021:
- Biden Cyber Statement: President Biden said his administration is launching an “urgent initiative” to improve the nation’s cybersecurity, pointing to concerns around malign efforts by Russia and China. “We’ve elevated the status of cyber issues within our government,” Biden said as part of a national security speech at the State Department. “We are launching an urgent initiative to improve our capability, readiness and resilience in cyberspace.” Source: The Hill, February 4, 2021.
Tuesday, February 2, 2021:
- Homeland Security Leader: The United States Senate has approved Alejandro Mayorkas as secretary of the Department of Homeland Security (DHS). Known mostly for physical homeland security, DHS also has major cyber responsibilities — including overseeing the Cybersecurity and Infrastructure Security Agency (CISA).
Wednesday, January 27, 2021:
- DOJ Targets Ransomware: The U.S. Department of Justice has announced a coordinated international law enforcement action to disrupt NetWalker ransomware. Source: The U.S. Department of Justice, January 27, 2021.
Tuesday, January 26, 2021:
- Federal CISO: The Biden administration has selected Chris DeRusha as federal chief information security officer (CISO). DeRusha brings federal, state and private-sector cybersecurity experience to the role. Source: Nextgov, January 26, 2021.
- CISA Senior Advisor: Eric Goldstein is among the first Biden administration picks currently at work at the Homeland Security Department, at the Cybersecurity and Infrastructure Security Agency. Goldstein has started as a senior advisor at CISA. Brandon Wales is still the acting director of the cyber agency. Two people familiar with Goldstein’s position said he is the CISA Executive Assistant Director Cybersecurity Division—a role previously held by Bryan Ware who left as former President Donald Trump was clearing out the agency. Source: Bloomberg Government, January 26, 2021.
Monday, January 25, 2021:
- China and U.S. Data Security: President Biden is committed to making sure that Chinese companies cannot misuse and misappropriate American data and will ensure that U.S. technology does not end up supporting China’s “malign activities,” a State Department spokesperson said. Source: Reuters, January 25, 2021.
Friday, January 22, 2021:
- U.S. National Cyber Director: The recently passed National Defense Authorization Act for FY21 requires President Biden to establish a national cyber director and a corresponding office for the role, SeekingAlpha notes. The lead candidate for the role is Jen Easterly, a former National Security Agency (NSA) official who now heads resilience at Morgan Stanley. Easterly previously served in various roles during the Obama administration and helped create the U.S. Cyber Command cyber warfare unit. Source: Reuters, January 22, 2021.
- CISA Leader: President Biden will likely tap Robert Silvers, a former assistant secretary at the Department of Homeland Security, to head DHS’ Cybersecurity and Infrastructure Security Agency, handing him the mission of protecting U.S. critical infrastructure and federal computer networks from hackers. Source: Politico, January 22, 2021.
DoD Leader Confirmed: Lloyd Austin, a retired four-star Army general, has been confirmed by the Senate, making him the first Black secretary of defense in U.S. history. Source: NPR, January 22, 2021.
- Federal Cybersecurity Talent: President Joe Biden is hiring a group of national security veterans with deep cyber expertise, drawing praise from former defense officials and investigators as the U.S. government works to recover from the SolarWinds Orion-related hacks of its agencies attributed to Russian spies. Source: Reuters, January 22, 2021.
Thursday, January 21, 2021:
- CISA vs. Ransomware: The Cybersecurity and Infrastructure Security Agency (CISA) rolled out a new public awareness campaign vs. ransomware cyberattacks. Acting CISA Director Brandon Wales announced the program during an appearance at the U.S. Conference of Mayors’ virtual winter meeting, Source: The Hill, January 21, 2021.
Wednesday, January 20, 2021:
- Alleged China Espionage: Outgoing U.S. Federal Communications Commission (FCC) chairman Ajit Pai said potential Chinese espionage and threats to U.S. telecommunications networks and Internet freedom are the biggest national security issue that regulators will face in the next four years. Source: Reuters, January 20, 2021.
Blog originally published January 22, 2021. Updated regularly thereafter. Check back for ongoing updates.