President Joe biden recruits a group of national security veterans with deep cybersecurity expertise, garnering praise from former defense officials and investigators as the US government struggles to recover of one of the biggest hacks of its agencies attributed to Russian spies.
“It’s great to see the priority the new administration is giving to cyber,” said Suzanne Spaulding, director of the Defending Democratic Institutions project at the Center for Strategic and International Studies.
Cyber security was demoted as a political domain under the administration of former US President Donald Trump. He ended the post of cybersecurity coordinator at the White House, reduced the cyber diplomacy section of the State Department, and sacked federal cybersecurity chief Chris Krebs following Trump’s election defeat on November 3 .
Revealed in December, the hack hit eight federal agencies and numerous companies, including software provider SolarWinds Corp. US intelligence agencies publicly attributed it to Russian state actors. Moscow has denied any involvement in the hacking.
Under a recent law, Biden is to open a cyber-liability-focused office, reporting to a new national cybersecurity director, who will coordinate the federal government’s extensive cyber capabilities, said Mark Montgomery, a former member of the Congress who helped design the role.
The main candidate for cyber director is Jen Easterly, a former senior official at the National Security Agency, according to four people familiar with the selection process.
Now head of resilience at Morgan Stanley, Easterly has held several high-level positions in President Barack Obama’s administration and helped create the U.S. Cyber Command, the nation’s primary cyber warfare unit.
The Biden administration “has appointed world-class cybersecurity experts to leadership positions,” Microsoft Corporate Vice President Tom Burt said in a statement.
Some observers are concerned, however, that the collective group’s experience is almost entirely in the public sector, said a former official and an industry analyst who requested anonymity. The distinction is important because the vast majority of the American Internet infrastructure is owned and operated by American companies.
“Finding the right balance between government and business experience will be critical to success,” said Amit Yoran, former director of cybersecurity for the US Department of Homeland Security (DHS) and now managing director of security firm Tenable Inc. .
To replace Krebs at DHS, Biden plans to appoint Rob Silvers, who also worked in the Obama administration, to become director of the Cybersecurity and Infrastructure Security Agency, according to four people briefed on the matter.
Biden’s National Security Council (NSC), a branch of the White House that guides an administration’s security priorities, includes five senior cybersecurity officials.
Leading recruiting is Anne Neuberger, a senior official at the National Security Agency, as Deputy National Security Advisor for Cyber and Emerging Technologies, a new position designed to elevate the subject internally.
“The United States is unfortunately not prepared for the security threats of the 21st century,” said Philip Reiner, director general of the Institute for Security and Technology. “Establishing and prioritizing a DNSA for cyber and emerging technologies on the NSC indicates the seriousness that the Biden administration will take on these challenges.”
Neuberger has become one of the NSA’s most visible figures in recent years after leading the cyber defense wing of the spy agency, praising it for quickly alerting companies to hacking techniques used by other countries.
The other four recruits are Michael Sulmeyer as Senior Director for Cybercrime, Elizabeth Sherwood-Randall as Homeland Security Advisor, Russ Travers as Deputy Homeland Security Advisor and Caitlin Durkovich as Senior Director for Homeland Security resilience and response to NSC.
All four previously held senior national security positions that dealt with cybersecurity.