More than two months into the Biden presidency, the White House has yet to nominate a national cyber director to centralize federal cybersecurity policy.
In the wake of the cyber attack that targeted SolarWinds Orion software and the ongoing infiltration by Chinese operatives of a flaw in Microsoft’s Exchange Server, the President is taking some pointed criticism that he’s yet to make his pick to shepherd a whole-of-government approach most believe is necessary to protect the nation in cyberspace. The absence of a national cyber lead, who is subject to Senate confirmation that could take more than a month to complete, has become even more glaring given those alarming hacks.
U.S. Federal Government: Cybersecurity Leader Candidates
At this point, it’s not clear who Biden might nominate as the nation’s cyber leader. Some names that have surfaced in various reports include:
- Michael Daniel, former special assistant to President Obama and cybersecurity coordinator on the National Security Council, currently helming the Cyber Threat Alliance;
- Suzanne Spaulding, who headed the agency prior to the Cybersecurity and Infrastructure Security Agency; and
- Chris Inglis, former deputy director of the National Security Agency.
While seemingly tardy to fill the top cyber post, Biden has quickly appointed several cybersecurity veterans with both public and private sector experience, including:
- Anne Neuberger, a top official at the National Security Agency (NSA), to serve in a new cybersecurity-focused role on the National Security Council;
- Michael Sulmeyer, as Senior Director for Cybersecurity;
- Elizabeth Sherwood-Randall as Homeland Security adviser;
- Russ Travers as Deputy Homeland Security adviser; and
- Caitlin Durkovich as Senior Director for Resilience and Response at the National Security Council.
Neuberger is the White House’s point person on the SolarWinds incident.
U.S. National Cybersecurity Director: Background
The fiscal $740 billion 2021 National Defense Authorization Act (NDAA) approved last December created the new national cybersecurity director position within the White House responsible for coordinating federal cybersecurity policies. The NDAA became law on January 1, 2021.
The person filling the job carries many of the responsibilities of the White House cybersecurity coordinator, a position eliminated in 2018 by former national security adviser John Bolton, who now will command a staff of 75 people and wield far more authority. Inclusion of the cyber czar role in the defense policy bill maps to the standalone National Cyber Director Act introduced in July, 2020 by Reps. Jim Langevin (D-RI) and Mike Gallagher (R-WI). That bipartisan legislation called for a lead to function as the president’s principal advisor on cybersecurity and associated emerging technology issues.
Biden views the position as a “priority,” an administration official told The Hill last week. The White House is currently reviewing the structure and nature of the role, the official said. “Setting up a new federal entity is complicated,” the person said. “This remains a priority. As it has been made clear by our actions, the White House takes cyber threats very seriously.”
U.S. National Cybersecurity Director: Calls for Action
Still, key Congressional legislators aren’t pleased with the administration’s lack of progress to fill the position. “It is discouraging that we don’t have a national cyber director, and we are coping with these serious intrusions,” Senator Angus King (I-ME), a member of the Senate Select Committee on Intelligence, recently said, as The Hill reported. “It may be that we are losing valuable time ... let’s name a national cyber director, send the nomination up here, and in the meantime the White House can work on establishment of the office,” King said.
John Katko, (R-NY), who serves as the ranking member on the House Homeland Security Committee, last week called for a “head coach, and the head coach has got to be a national cyber director,” The Hill reported. “And I am hopeful we are going to have one up and running soon, because we have a lot of things we need to do,” he said.
In September, 2020, the Government Accountability Office (GAO) warned that without a “clear central leader” to coordinate the disparate U.S. cybersecurity programs of 23 federal agencies, the White House cannot ensure that strategies and plans are effectively executed to support the nation’s cyber defenses. The idea for the position sprung in part from a large set of recommendations proposed by the Cyberspace Solarium Commission (CSC) in March, 2020 calling for a new national cyber director to function as the president’s chief cybersecurity advisor.