President Joe Biden hires a group of national security veterans with deep cyber expertise, drawing praise from former defense officials and investigators, as the U.S. government works to recover from one of its agencies’ biggest hacks. attributed to Russian spies.
“It’s great to see the new administration prioritize cybernetics,” said Suzanne Spaulding, director of the Defense of Democratic Institutions project at the Center for Strategic and International Studies.
Cybersecurity has been downgraded as a political domain under former US President Donald Trump. He cut off White House cybersecurity coordinator, downgraded the State Department’s cyber diplomacy wing and fired federal cybersecurity leader Chris Krebs following Trump’s November 3 election defeat.
Revealed in December, the hack hit eight federal agencies and numerous companies, including software provider SolarWinds Corp. US intelligence agencies have publicly attributed it to Russian state actors. Moscow has denied involvement in the hack.
Under a recent law, Biden is set to open a cyber office to report to a new national cyber director, who will coordinate the federal government’s vast cyber capabilities, said Mark Montgomery, a former congressman who helped design the role.
The main candidate for the position of cyber director is Jen Easterly, a former senior official of the National Security Agency, according to four people familiar with the selection process.
A poster featuring six wanted Russian military intelligence officers is displayed ahead of a press conference at the US Department of Justice on October 19, 2020, in Washington, DC [File: Andrew Harnik/ Pool via AP]
Now head of resilience at Morgan Stanley, Easterly held several intelligence positions in the administration of President Barack Obama and helped create the US Cyber Command, the largest cyber warfare unit in the country.
The Biden administration “has appointed world-class cyber security experts to its leadership positions,” Microsoft Vice President Tom Burt said in a statement.
Some observers are concerned, however, that the collective group’s experience is almost entirely in the public sector, said a former official and an industry analyst who requested anonymity. The distinction is important because the vast majority of Internet infrastructure in the United States is owned and operated by US corporations.
“Finding a good balance with both government and business experience will be key to success,” said Amit Yoran, former director of cybersecurity for the U.S. Department of Homeland Security (DHS) and now chief executive of the security company. Tenable Inc.
To replace Krebs at DHS, Biden plans to nominate Rob Silvers, who also worked for the Obama administration, to become director of the Cybersecurity and Infrastructure Agency, according to the four people informed about the matter.
Amit Yoran testifies on Capitol Hill in Washington ahead of a hearing by the House Oversight and Investigation Subcommittee on deciphering the encryption debate [File: Manuel Balce Ceneta/AP Photo]
Biden’s National Security Council (NSC), an arm of the White House that guides an administration’s security priorities, includes five officials with experience in cybersecurity.
At the helm is Anne Neuberger, chief official of the National Security Agency, as deputy national security adviser for cyber and emerging technology, a new position aimed at raising the issue internally.
“The United States remains extremely unprepared for 21st century security threats,” said Philip Reiner, executive director of the Institute for Security and Technology. “The establishment and prioritization of a DNSA for cyber technology and emerging technology on the NSC indicates the seriousness that the Biden administration will allow itself to meet these challenges.”
Neuberger has become one of the most visible figures in the NSA in recent years, after leading the cyber wing of the intelligence agency, praising companies for quickly alerting companies to hacking techniques used in other countries.
The other four positions are Michael Sulmeyer as Senior Director of IT, Elizabeth Sherwood-Randall as Advisor for Homeland Security, Russ Travers as Deputy Advisor for National Security and Caitlin Durkovich as Senior Director for Resilience and Response the NSC.
All four previously worked in national security positions dealing with cyber security.