President Joe Biden hires a group of national security veterans with deep cyber expertise praised by former defense officials and investigators as the US government tries to recover from one of its agencies’ biggest hacks attributed to Russian spies.
“It’s great to see the new administration prioritize cyber,” said Suzanne Spaulding, director of the Defending Democratic Institutions project at the Center for Strategic and International Studies.
Cybersecurity was downgraded as a policy field under the administration of former US President Donald Trump. It halted the position of the White House cybersecurity coordinator, downsized the State Department’s cyber diplomacy wing, and fired federal cybersecurity leader Chris Krebs in the wake of Trump’s election defeat on Nov. 3.
The hack was announced in December and affected eight federal agencies and numerous companies, including software provider SolarWinds Corp. US intelligence agencies publicly attributed it to Russian government actors. Moscow has denied involvement in the hack.
Under a recent law, Biden is required to open a cyber-focused office reporting to a new national cyber director, who will coordinate the federal government’s vast cyber capabilities, said Mark Montgomery, a former congressional assistant who helped design the role.
The leading cyber director candidate is Jen Easterly, a former senior National Security Agency official, according to four people familiar with the selection process.
A poster of six wanted Russian military intelligence officers is displayed before a press conference at the United States Department of Justice on October 19, 2020 in Washington, DC. [File: Andrew Harnik/ Pool via AP]
Easterly, now head of resilience at Morgan Stanley, held several senior intelligence posts in President Barack Obama’s administration and helped set up US Cyber Command, the nation’s largest cyber warfare unit.
The Biden administration “has hired world-class cybersecurity experts for leadership positions,” Tom Burt, Microsoft’s corporate vice president said in a statement.
However, some observers are concerned that the collective group’s experience lies almost entirely in the public sector, said a former official and an industry analyst who asked for anonymity. The distinction is important because the vast majority of US internet infrastructure is owned and operated by US companies.
“Finding the right balance with both government and commercial experience will be critical to success,” said Amit Yoran, former U.S. Department of Homeland Security (DHS) cybersecurity director and now CEO of security firm Tenable Inc.
To replace Krebs at DHS, Biden plans to nominate Rob Silvers, who also worked in the Obama administration, as director of the Cybersecurity and Infrastructure Security Agency, according to four people briefed on the matter.
Amit Yoran testifies on Capitol Hill in Washington before House Oversight and Investigations subcommittee hears about deciphering encryption debate [File: Manuel Balce Ceneta/AP Photo]
Biden’s National Security Council (NSC), a branch of the White House that guides a government’s security priorities, includes five experienced cybersecurity officers.
Leading the hiring is Anne Neuberger, senior National Security Agency official, as Deputy National Security Advisor for Cyber and Emerging Technology, a new position designed to take the topic to the next level internally.
“The United States is still hopelessly unprepared for the threats of the 21st century,” said Philip Reiner, CEO of the Institute for Security and Technology. “The establishment and prioritization of a DNSA for cyber and emerging technology at the NSC shows how seriously the Biden administration will afford to address these challenges.”
Neuberger became one of the most visible figures at the NSA in recent years after leading the spy agency’s cyber-defense wing and receiving words of praise for quickly warning companies about hacking techniques used in other countries.
The other four hires include Michael Sulmeyer as senior director for cyber, Elizabeth Sherwood-Randall as homeland security adviser, Russ Travers as deputy homeland security adviser and Caitlin Durkovich as senior director for resilience and response at the NSC.
All four previously served in senior national security posts dealing with cybersecurity.