- The addition of the national cyber director in the White House is "essential but incomplete" for solving current cyberspace challenges, Chris Inglis, distinguished visiting professor in cybersecurity studies at the U.S. Naval Academy, and President Joe Biden's pick for national cyber director, said at the Billington CyberSecurity Defense Summit Thursday. The panel was pre-recorded about a week prior to the summit.
- Because of a lack of consistency between presidential administrations, Inglis said there should be an "enduring commitment to cyber leadership." The federal government already has the appetite for coherence, it just needs more continuity.
- Inglis pointed out strengths the public and private sectors provide in cybersecurity, including people, resources, technology and emerging regulations. However, it's missing the "fabric" that joins and strengthens the individual components. "I think the national cyber director will be accountable, responsible for the fabric," said Inglis.
The White House confirmed Inglis as its nominee for national cyber director, and Jen Easterly for the director of the Cybersecurity & Infrastructure Security Agency (CISA), on April 12.
The national cyber role was a primary recommendation of the Cyberspace Solarium Commission (CSC) adopted into the National Defense Authorization Act (NDAA), of which Inglis served as a commissioner. Congress approved NDAA in December, establishing the director in the executive branch.
For many, the adoption of the role signaled a greater federal focus on cybersecurity. The closest position the White House had before was national cyber coordinator, which was eliminated by former President Donald Trump in 2018.
While CISA attempted to fill a gap in the White House, the executive voice was still needed for coordination. "There's a risk the national cyber director becomes an uber-CISA director," said Suzanne Spaulding, senior advisor for Homeland Security, director of the Defending Democratic Institutions Project, and member of the CSC, during the panel. "That is not going to be the best outcome here."
The national cyber director will have to have a close working relationship with the deputy national security advisor, which is held by Anne Neuberger.
"We need to have that cohesion across the largely defensive role that we envisioned for the national cyber director," said Spaulding. The role will be wrapped into the intelligence and Department of Defense authorities under Title 10 and Title 50, "that the administration clearly would put in the National Security Council itself."
Biden's National Security Council is filled with professionals with cyber-specific backgrounds. The Inglis and Easterly nominations are expected to be approved bipartisanly, just as former CISA Director Chris Krebs was in 2018.
"From a congressional perspective, I think it's really important to have a person that members of Congress can routinely interact with when it comes to cyber issues," Rep. Mike Gallagher, R-WI, and co-chair of the CSC, said during the panel. Ideally, the director could lend themselves to be a productive partner between Congress and the White House in cybersecurity.
While Gallagher said Congress is open to iterating on challenges posed by cybersecurity, it needs authorities to move legislation at a quicker pace. But ending old initiatives is more of a challenge than beginning new ones, said Brandon Wales, acting director of CISA, during the webcast.
It's difficult for 100-plus federal departments and agencies to align and deploy new capabilities, but it's "even harder to then begin to make a transition away, knowing all the work, knowing all the investment, knowing all the constituencies that have now bought into that existing approach," said Wales. "How do you walk away from it?"
It's a challenge private industry meets when investing in cybersecurity; tools and solutions become outdated quickly in cyberspace. Convincing leadership to adopt more agile, flexible programmatic architectures will lend itself to evolve with cyberthreats.