President-elect Joe Biden will become the 46th President of the United States at noon Wednesday, and is set to lead the country through a pandemic, economic turmoil and a fallout from the insurrection at the Capitol.
The Biden administration has already promised a fast-paced first 100 days, defined by a $1.9 trillion COVID-19 relief plan. Nestled in the stimulus package, the American Rescue Plan, are funds aimed at national cybersecurity improvements.
The package says "to remediate the SolarWinds breach and boost U.S. defenses, including of the COVID-19 vaccine process," Joe Biden is asking Congress for:
- $9 billion for the Technology Modernization Fund, directed partially toward the Cybersecurity & Information Security Agency (CISA) and the General Services Administration (GSA) shared services initiative.
- $200 million for onboarding security professionals supporting federal CISOs as part of the Information Technology Oversight and Reform fund.
- $300 million "in no-year funding for Technology Transformation Services" in the GSA, without requiring federal agencies to reimburse the investment.
- $690 million dedicated to CISA to "bolster cybersecurity across federal civilian networks, and support the piloting of new shared security and cloud computing services."
Since the SolarWinds hack, Biden said his administration will treat cyberthreats as serious as weapons, and will eventually respond to its perpetrators. The Biden-Harris transition has named numerous security and defense officials, though Biden's picks for CISA director and the White House cyber director are not yet in. Biden's nominations for secretary of state, secretary of Homeland Security, and director of national intelligence, among others, sat before Congress Tuesday for confirmation hearings.
As the Biden administration builds out the National Security Council (NSC) and names security-related Cabinet members, cybersecurity is emerging as a priority. The named NSC officials include people familiar with responding to cyberthreats to "deliberate acts of terror," said Biden, in a Build Back Better press release on Jan. 13. He sees his officials working with U.S. allies to "ensure the cyber rules of the road are made by democracies."
Cybersecurity is stringing the White House, federal agencies and private industry together. With cyber liaisons throughout the White House and Cabinet, companies should expect greater coordination and reliance.
Cybersecurity Dive combed through Biden's security picks either directly or indirectly related to cybersecurity. Here are the officials to know:
Alejandro Mayorkas — secretary of DHS:
Mayorkas is also an Obama administration alumnus, who served as deputy secretary of DHS between 2013 and 2016. In 2015, Mayorkas was present during the U.S.-China cyber agreement, aimed to reduce China's cyber espionage activity. Obama's former DHS Secretary Jeh Johnson wanted its cyberthreat system Einstein 3 Accelerated available across federal agencies, though the program was deemed outdated by former federal CISO Greg Touhill.
Antony Blinken — secretary of state:
Blinken served as the deputy secretary of state during Barack Obama's administration between 2015 and 2017. Blinken expects unilateral response from private industry, academia and government in light of a cyber incident. He is in favor of issuing penalties for cyber perpetrators and establishing international norms.
Avril Haines — director of national intelligence:
If confirmed by Congress, Haines is set to become the first woman to serve as director of national intelligence. She was previously principal deputy national security advisor to former President Barack Obama between 2015 and 2017. Prior to serving under Obama, Haines was deputy director of the CIA where she took part in the CIA's 2015 reorganization to incorporate greater cyber operations and innovation into the agency under former Director John Brennan.
Lisa Monaco — deputy attorney general:
Biden nominated Monaco, a DHS alumnus, and former assistant attorney general for national security within the Department of Justice under Obama. Current co-chair of the Aspen Institute Cybersecurity Group, Monaco assisted prioritizing the DOJ's prosecution of national security cyberthreats, leading to a national network of security cyber prosecutors.
Jake Sullivan — national security advisor:
Sullivan served as Biden's national security advisor when Biden was vice president. With ongoing investigations into the SolarWinds cyberattack, Russian actors are "likely to go beyond espionage,'' if they so choose, Sullivan said on a recent CNN segment. Sullivan, who worked on 2016 presidential nominee Hillary Clinton's campaign, has previously testified Russian actors had repeatedly phished campaign officials.
Anne Neuberger — deputy national security advisor for cyber and emerging technology:
Neuberger is currently the director of cybersecurity at the National Security Agency (NSA), a role she took on in 2019. She previously worked on election security within the NSA. The deputy security advisor role in the Biden administration and the president's NSC is a new role, developed with recovery from the SolarWinds hack in mind. The role will require cyber coordination across federal agencies.
Elizabeth Sherwood-Randall — homeland security advisor and deputy national security advisor:
Sherwood-Randall served as deputy secretary at the Department of Energy between 2014 and 2017 under Obama. During Bill Clinton's administration she served as deputy assistant secretary of defense for Russia, Ukraine and Eurasia. Biden and Sherwood-Randall worked together on defense policy while the president represented Delaware as a senator.
David Recordon — director of technology:
In Biden's White House, Recordon is expected to merge his expertise in technology and security. He is currently the Biden-Harris Transition team's deputy CTO, and previously served in the Obama administration as director of White House IT. Recordon has worked as an engineering director at Facebook and is currently VP of infrastructure and security at the Chan Zuckerberg Initiative.
Russ Travers — deputy homeland security advisor:
Travers previously served as the acting director of National Counterterrorism Center (NCTC) before departing in March 2020. Travers is on the record expressing frustration about the difficulty staffing the NCTC to respond to cyberthreats. Under Obama, Travers led an interagency effort responding to the 2016 Wikileaks disclosures.
Caitlin Durkovich — senior director for resilience and response:
Durkovich previously served as the assistant secretary for Infrastructure Protection and as chief of staff for the National Protection and Programs Directorate, which the CISA is a continuation of today in DHS. As assistant secretary, Durkovich was tasked with protecting critical infrastructure and redefining public-private risk management within the Obama administration.
Rob Joyce — director of cyber, NSA:
Joyce is replacing Neuberger at the security agency, he previously served as a senior advisor in cybersecurity strategy to the agency's director.
Michael Sulmeyer — senior director for cyber:
Sulmeyer previously worked as the director for Plans and Operations for Cyber Policy in the Office of the Secretary of Defense under Obama. Sulmeyer also served in the Trump administration as senior advisor Gen. Paul Nakasone, within the NSA and U.S. Cyber Command.