Chris Inglis has been unanimously confirmed as the first national cyber director following years of calls from all corners to create the cybersecurity leadership position in the U.S. federal government.
The move comes amid multiple steps by President Biden to strengthen and protect U.S. infrastructure from cyberattacks, and to improve communications and coordinated cyber response across the U.S. government and private industry. President Biden's efforts include an executive order on cybersecurity that could force IT service providers to strengthen their cyber practices.
Inglis steps into the new role as pressure mounts on security officials to respond more forcefully to cyber aggression by foreign adversaries, namely Russia and China, both of which have landed a number of blows on U.S. government agencies and critical infrastructure, most prominently the SolarWinds Orion infiltration, the Microsoft Exchange hack and the Colonial Pipeline ransomware incident.
The 66-year old Inglis, who formerly held the post of National Security Agency (NSA) Deputy Director, had been a front runner for the job and was widely expected to win nomination and gain quick confirmation. His appointment comes one day after the Senate Homeland Security and Governmental Affairs Committee unanimously approved his nomination. He most recently worked as a Looker Distinguished Visiting Professor in Cyber Security Studies at the U.S. Naval Academy, a managing director at investment company Paladin Capital and a commissioner at the Cyberspace Solarium Commission (CSC).
Inglis is expected to work closely with Anne Neuberger, deputy national security advisor for cyber and emerging technology on the National Security Council, and Jen Easterly, Biden’s nominee to lead the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), should she also be confirmed by Congress. In a dizzying move, Sen. Rick Scott, (R-FL) pledged to place a hold on Easterly’s nomination until President Biden visits the U.S. southern border.
Chris Inglis: Perspectives on U.S. Cybersecurity
At his nomination hearing, Inglis told members of the Senate Homeland Security and Governmental Affairs Committee that cyber threats “will never go away completely, but we can bring it down, we can bring it to heel significantly.” The public and private sector must collaborate, along with foreign nations, to deliver a muscular response to increasing cyber attacks, Inglis said. “We should bring to bear all instruments of power in a hugely collaborative way across not just the private and public sector, but nations plural,” he said. In what appeared to be a reference to nation-state sponsored cyber attacks, Inglis said that “like-minded nations need to remove the sanctuary and bring to bear consequences on those who hold us in risk.”
The exact nature of Inglis’ responsibilities remain undefined. In general, he will be tasked with coordinating federal cybersecurity policy across agencies and serve as a point of contact between Congress and the White House. Inglis will carry many of the responsibilities of the White House cybersecurity coordinator, a position eliminated in 2018 by former national security adviser John Bolton, will command a staff of 75 people and wield far more authority. Inclusion of the cyber czar role in the defense policy bill maps to the standalone National Cyber Director Act introduced in July, 2020 by Reps. Jim Langevin (D-RI) and Mike Gallagher (R-WI). That bipartisan legislation called for a lead to function as the president’s principal advisor on cybersecurity and associated emerging technology issues.
The fiscal $740 billion 2021 National Defense Authorization Act (NDAA) approved in December 2020 created the new national cybersecurity director position within the White House responsible for coordinating federal cybersecurity policies. The NDAA became law on January 1, 2021. In September, 2020, the Government Accountability Office (GAO) warned that without a “clear central leader” to coordinate the disparate U.S. cybersecurity programs of 23 federal agencies, the White House cannot ensure that strategies and plans are effectively executed to support the nation’s cyber defenses. The idea for the position sprung in part from a large set of recommendations proposed by the CSC in March, 2020 calling for a new national cyber director to function as the president’s chief cybersecurity advisor.
Biden Fills Key U.S. Cybersecurity Positions
While seemingly slow to fill the top cyber post, in addition to Neuberger Biden has quickly appointed several cybersecurity veterans with both public and private sector experience, including Michael Sulmeyer, as Senior Director for Cybersecurity; Elizabeth Sherwood-Randall as Homeland Security adviser; Russ Travers as Deputy Homeland Security adviser; and Caitlin Durkovich as Senior Director for Resilience and Response at the National Security Council.