The new authorities in the recently passed defense bill are expected to assist the US government in its response to the SolarWinds hack that is believed to have been committed by Russia.
The National Defense Authorization Act (NDAA), which became law last week after Congress overburdened President Trump
Donald Trump McConnell distributes procedures for Trump’s second Senate removal process Trump suggests building own platform after Twitter banThe veto has officially established a cyber tsar position in the White House, in addition to granting numerous other cyber security powers that could help the incoming Biden administration respond to the Russian hack.
“Once this person is named and confirmed, this would be the person coordinating the response,” Rep. Jim Langevin
James (Jim) R. LangevinThe Senate approves the defense bill that establishes the position of cyber tsar, the citation power for the cyber agency The Speaker of the House approves Michele Flournoy for Pentagon chief Biden Hillicon Valley: Senate Intelligence Committee leaders warn of threats national security address Biden says China must play by “international rules” | House Democrats use the Markup app to vote for the MORE leadership contest (DR.I.), one of the key members of Congress who pressed for the position of national cyber director, told The Hill this week.
The national cyber director, a position confirmed by the Senate, could play a critical role as federal agencies face the depth and breadth of the SolarWinds hack.
“Instead of responding ad hoc and realizing as we go, you’ll have someone with a well-thought-out plan for a thorough and aggressive response, and we’d be much more efficient,” Langevin said of a response to SolarWinds hack. .
US intelligence agencies this week formally accused Russia is behind the attack on the IT company SolarWinds, which has hit customers such as Fortune 500 companies and most federal agencies since March.
The departments of Commerce, Defense, Energy, Homeland Security, Justice, State and Treasury said they were compromised by the hack.
SolarWinds reported last month that about 18,000 of its customers were likely affected. Microsoft and cybersecurity group FireEye have confirmed that they have been affected.
“This is a massive, massive issue that is certainly affecting governments, but in all likelihood it has major consequences outside the government, on the private sector, which we are still at the beginning of the deal,” said Amit Yoran, president and CEO of the group. cyber security. Resistant.
The executive no longer has a formal leader in cybersecurity since 2018, when he was a national security adviser John Bolton
John Bolton: Shocking GOP looks to the future with Trump Calls growing stronger to remove Trump under Amendment 25 John Bolton pleads against invoking 25th Amendment against Trump MORE eliminated the role as a way to reduce bureaucracy.
The move came a year after the State Department dropped out of its cybersecurity coordination office, making it more difficult for government coordination in international cybersecurity issues.
President-elect Joe Biden
Judge Joe BidenUS is blocking the Trump administration’s restrictions on asylum eligibility. McConnell is distributing proceedings for Trump’s second indictment in the Senate. it is likely to take a very different approach to cyber leadership.
“We need to be able to innovate and reimagine our defense against growing threats in new realms, such as cyberspace,” Biden told a news conference. last month while tackling the SolarWinds attack.
Biden has not yet named a cyber tsar, and a spokesman for the transition declined to comment on who might be considered.
Langevin said he hoped Biden would consider former officials such as Michael Daniel, who was a former aide to former President Obama and a cybersecurity coordinator on the National Security Council; Suzanne Spaulding, former director of the predecessor agency at the Agency for Cyber Security and Infrastructure Security (CISA); and Chris Inglis, former deputy director of the National Security Agency.
“We have been in contact with someone at a very high level in the Biden team and we hope to have a national cyber director sooner rather than later,” Langevin said.
Although the post has not been occupied, another key cybersecurity role that could help respond to the SolarWinds attack seems to be blocked.
Politico reportef On Thursday, Biden would soon appoint Ann Neuberger, director of the Cyber Security Directorate of the National Security Agency, to take on the new role created by the Deputy National Security Adviser for Cyber Security on the National Security Council.
The spokesman for the Biden transition declined to comment on this, but said that “the Biden-Harris administration will make cybersecurity an absolute priority, raising it as an imperative throughout the government from day one.”
“We will strengthen our partnerships with the private sector, academia and civil society; we renew our commitment to international norms and involvement in cyber issues; and expand our investment in infrastructure and the people we need to effectively defend the nation against harmful cyber activities, ”the spokesman added.
The two new positions are not the only new powers that the federal government responds to cyber threats.
The massive defense funding bill included more than two dozen other clauses that were based on recommendations compiled by the Cyberspace Solarium Commission (CSC), a congressional group of lawmakers, federal officials and industry leaders, to draw up a roadmap for US defense. in cyberspace.
Some of their recommendations that were included in the bill were clauses that allow CISA to conduct cyber threat hunting operations within an agency network, a power that could have notified officials much earlier about the SolarWinds hack.
The draft defense law also gives CISA the power to issue summonses to Internet service providers, forcing them to release information about cyber vulnerabilities detected in the networks of critical infrastructure organizations.
“I think a lot of the recommendations and things in the NDAA are going to help and it’s going to be pretty impactful,” Yoran said.
Langevin said he hoped the Biden administration would act quickly to implement the new authorities to “get their hands on” the growing risk posed by cybersecurity.
“I am already impressed by the national security team that President-elect Biden is forming,” Langevin said. “It will take a while, but I want to make sure that we implement the legal provisions, and together they will both help protect the United States in cyberspace.”