The Biden administration has three key leaders the country can turn to during a major cyberattack — but until last year, two of the three positions they hold did not exist.
Why is it important: The industry executives, former officials and lobbyists who regularly chat with this trio are still trying to sort out who does what.
The big picture: The Biden administration has won praise from experts for stabilizing and strengthening an executive branch cybersecurity operation that had gone wobbly in the Trump era.
- The Trump administration cut his White House cyber coordinator position in 2018. Trump also fired then-Cybersecurity and Infrastructure Security Agency (CISA) director Chris Krebs via tweet in 2020 after Krebs pushed back against lies that the election was “rigged”. .”
- By comparison, Biden has three senior officials, including two in the White House, and last year signed a far-reaching executive order to beef up cybersecurity for federal agencies.
- Yes, but: It is difficult for the public sector to know where to turn in the face of a large-scale cyberattack.
Biden’s ‘Big Three’ are National Cybersecurity Director Chris Inglis, Cybersecurity and Infrastructure Security Agency Director Jen Easterly and Anne Neuberger, Deputy National Security Advisor for Cybersecurity at the White House National Security Council.
Is broken down their respective territories in an interview with Axios:
- Neuberger manages the White House cyberpolicy program.
- Inglis develops strategies to strengthen the broader US cyber ecosystem, including the private and public sectors.
- CISA is focused on defending the federal government and the private sector against attacks.
Catch up quickly: Congress created the office of national director of cybersecurity last year and mandated the role to be an adviser to the president, other White House offices and federal agencies on domestic and diplomatic matters.
- However, lawmakers did not anticipate that the Biden administration would also establish Neuberger’s role in the NSC when they created the Office of the National Cybersecurity Director (ONCD) in January 2021, sparking lingering concerns about the administration has too many senior cybersecurity officials.
- Several agencies, including the FBI, Justice Department, and Treasury Department, already play key roles in investigating cybercrime and nation-state hacks. Some agencies also set cybersecurity rules for their own sector.
Between the lines: Conversations with six former government officials and people who work on industry government affairs teams reveal varying interpretations of how the new office fits in with existing agencies.
- Former Senate aide and NSC official Mark Montgomery told Axios that the ONCD should oversee national cyber needs alongside CISA, while the NSC should take the lead in international cyber efforts. .
- Three industry sources, who each requested anonymity to discuss private White House conversations, say they want to see Inglis — rather than Neuberger — become the sole public figurehead during cybersecurity crises and lead security initiatives. country’s cybersecurity.
- Others believe Inglis’ role should work in tandem with CISA and the NSC, swapping who takes the lead in crises based on each cyberattack.
- Inglis’ office released a “statement of strategic intent” in October aimed at answering some of the questions about his focus.
Yes, but: Despite the confusion, most pundits give high marks to Inglis, Neuberger, and Easterly for accomplishing a lot while juggling the divisive cyber-turf politics.
- An onslaught of high-profile cyberattacks – including the Log4j vulnerability and Russian threats linked to the war in Ukraine – left little room for turf wars
- This isn’t the first time Easterly, Inglis and Neuberger have worked together: They’ve overlapped in previous positions at the National Security Agency, and each has worked for the Pentagon at some point in their careers.
- “We all have a strong relationship from before, so we work well together,” Easterly told Axios.