Keypoint: President Biden shows a strong preference for the cybersecurity expertise of former National Security Agency (NSA) leaders with his choices for significant cyber roles within his administration.
On April 12, 2021, the White House announced that President Biden selected two individuals to join his administration in the area of cybersecurity. Mr. Chris Inglis is nominated to be the first national cyber director, and Ms. Jen Easterly is nominated to serve as the new director of the Cybersecurity and Infrastructure Security Agency (CISA). Both positions require confirmation by the U.S. Senate.
Each nominee brings extensive cybersecurity experience to the table, having worked in various capacities at the NSA. Mr. Inglis, currently a managing director at Paladin Capital Group, worked at the NSA for nearly thirty years, with seven years as the NSA’s senior civilian deputy director. Ms. Easterly, who currently leads Morgan Stanley’s Fusion Resilience Center, spent approximately ten years at the NSA and U.S. Cyber Command, and was a member of the National Security Council for President Obama.
These nominations are in addition to a cybersecurity position the Biden Administration created and filled before the inauguration. In mid-January, President Biden appointed Anne Neuberger to be the deputy national security adviser for cyber and emerging technology, a new position on the National Security Council. Like today’s nominees, Ms. Neuberger had been at the NSA for more than a decade before being selected to join the Biden Administration.
The confirmation process for both nominees is expected to be smooth, with only mild concerns voiced regarding their and Ms. Neuberger’s collective expertise coming from the public sector, when concerns about threats to critical infrastructure and supply chains (both owned and operated by the private sector) are rising. However, as Reuters reported in January, a closer look at their backgrounds shows those concerns may be misplaced.
Mr. Ingils is a member of the Cyberspace Solarium Commission, a bipartisan entity created by Congress to develop a strategy for protecting critical infrastructure. Ms. Easterly’s time at Morgan Stanley is focused on protecting a financial institution that is a component of the country’s economic security. As the leader of NSA’s Cybersecurity Directorate, Ms. Neuberger is praised for implementing the directorate’s goal which she described in 2019 as “sharing all of our unclassified information as early as possible, … so we can target that sharing to the right entity and then partner with DHS on critical infrastructure . . . to build the security of that sector.”
Appointing talented public servants to bolster cybersecurity is good news, but the federal government is not capable of protecting every computer network in the private sector. Business leaders who feel overwhelmed by the breadth and scope of the threats to their company networks, particularly those involved with critical infrastructure, should continue to watch for guidance and updates from CISA and other information-sharing resources such as industry-specific information sharing and analysis centers/organizations (ISAC/ISAO) to improve their resilience and recovery capabilities.