WASHINGTON—National Cyber Director Sean Cairncross said the Trump administration plans a whole-of-nation approach in order to combat the threat of malicious cyberattacks from the U.S.’s top geopolitical rivals.
Cairncross delivered the opening keynote at the Billington Cybersecurity Summit, saying the administration will push forward an aggressive new posture to counter the risks presented by authoritarian regimes like China.
He said American digital networks have been under assault by threat actors that are using espionage, intellectual property theft, ransomware, political influence campaigns and prepositioning malware on our critical infrastructure.
However, unlike centrally controlled authoritarian regimes, the U.S. operates in a political environment system where power is decentralized and political leaders have to work across a range of federal, state and local governments and tribal authorities.
This has created a patchwork system, and the U.S. has spent far too much time and resources responding passively to threats without a coordinated strategy, Cairncross said.
“We have all the tools we need, and now we’ve got the political will in place to address these challenges,” he said, adding that stakeholders across the U.S. must put all of the nation’s cyber capabilities together to help shift the burden from Americans toward the country’s adversaries.
Cairncross specifically cited recent threat activity from China, which has infiltrated U.S. government and critical infrastructure networks for future destructive attacks. He said the U.S. needs to send a signal that the behavior is unacceptable and that it will impose costs in response to such activity.
The Billington keynote marks the first major public remarks by Cairncross since he won Senate confirmation to lead the Office of the National Cyber Director in August.
Cairncross is a former CEO of Millennium Challenge Corp, a foreign aid agency with the US government, and served as a senior adviser to the White House chief of staff during the first Trump administration, but does not have a specific background as a cybersecurity specialist.
Cairncross outlined three immediate priorities the administration is focused on.
He called for the Cybersecurity Information Sharing Act of 2015, which is set to expire at the end of the month, to be extended. The act is critical to encouraging private sector organizations to share threat information with the federal government. Cairncross said he is actively working with lawmakers to make sure CISA 2015 is reauthorized.
Second, Cairncross called for the U.S. to quickly upgrade the technology used in federal agency networks. These agencies have been the subject of numerous cyber intrusions, and part of the problem has been many of them use outdated software and run on aging computer systems.
Cairncross also called on the technology sector to uphold standards of being secure by design and embrace privacy by design as well. He lastly called for streamlining federal regulations so that companies no longer have to deal with burdensome compliance checklists from federal authorities.
The speech demonstrated that Cairncross understands the importance of “cultivating a strategic and resilient cyber environment” as a core component of advancing U.S. national interests, according to Haiman Wong, resident fellow, cybersecurity and emerging threats at the R Street Institute.
“His call for an overarching cyber policy — from offense to end user defense — brings the coherence we need to effectively deter adversaries and emerging cyber threats targeting our critical infrastructure, businesses and everyday Americans,” Wong told Cybersecurity Dive via email.
