President Biden is preparing to assemble a crack US government cybersecurity team, and has pledged $10bn in funding to shore up the defenses of Uncle Sam's computer networks.
Former NSA and National Security Council official Jen Easterly will reportedly be put forward as National Cyber Director, a role that will oversee the federal government's cybersecurity activities. Easterly was part of the team that set up US Cyber Command at the Dept of Defense, served in Iraq in 2006 using signals intelligence to track down targets, and is right now Head of Firm Resilience at global financial giant Morgan Stanley.
The National Cyber Director (NCD) is an entirely new post that was created by this year's must-pass military budget bill.
In addition, former assistant secretary for cyber policy at Homeland Security Rob Silvers is expected to be put forward as director of the Cybersecurity and Infrastructure Security Agency (CISA), which advises the public and private sector on computer security. He is thus set to replace Chris Krebs, who was fired by President Trump in November after he not only refused to say that the presidential election results were fraudulent but said that the election had been “the most secure in American history.” Silvers held the aforementioned Homeland Security post during Obama's final year as president.
And Eric Goldstein, another former Homeland Security official, is expected to be tapped for the executive assistant director of CISA’s Cyber Division. Goldstein, who served under the Obama administration, was the head of engagement at Homeland Security's Office of Cybersecurity and Communications.
All the above are rumors; there is no official word yet from the top.
Who's down with NCD?
The NCD will “serve as the principal advisor to the President on cybersecurity policy and strategy” and be the point man in the US government for all things cyber, including offering “advice and consultation to the National Security Council and its staff, the Homeland Security Council and its staff, and relevant Federal departments and agencies.”
Most importantly, given the recent SolarWinds backdoor – in which it appears the Russian government gained access to the email systems of several key US government departments via tainted network-monitoring software – the NCD will be responsible for “preparing the response by the federal government to cyberattacks and cyber campaigns of significant consequence across Federal departments and agencies.”
In a speech in December, Biden described the SolarWinds compromise as a “grave threat to national security,” and later said the United States needed to “innovate and reimagine our defenses against growing threats in new realms like cyberspace.”
The rumored quick hires are welcome after President Trump had seemingly gone out of his way to diminish the issue of cybersecurity during his presidency, including allegedly shifting funds away to instead build a Mexican border wall.
If there's one criticism of the approach taken by Biden so far it's that all his picks have been primarily public-sector people with relatively limited experience in the corporate world. The internet remains a network run almost entirely over private networks.
The president has ring-fenced about $10bn in funding in his upcoming COVID-19 pandemic relief plan to improve the US government's cybersecurity efforts. The vast majority of funding will go to CISA and the General Services Administration (GSA): $9bn for new cybersecurity services split between them; $200m will go to hiring tech experts for the US Digital Service; $300m to funding new GSA programs; and $690m to CISA for better security monitoring and incident response.
However, the funding is only at the proposal stage and there's no sign yet that Congress is in a mood to play along any time soon. ®