Dive Brief:
- The White House has named Anne Neuberger, the recently appointed deputy national security adviser for cyber and emerging technology at the National Security Council, to oversee the Biden administration's response to the SolarWinds supply chain attack.
- Neuberger, who served as director of cybersecurity at the NSA from 2019 until her appointment in January, will be responsible for coordinating the inquiry into the nation-state attack. Suspected Russian actors hacked into the SolarWinds Orion platform over a period of months, a move that is considered one the most prolific cyber attacks in U.S. history, impacting about 18,000 companies and numerous federal agencies.
- The appointment was disclosed after what some view as surprising bipartisan criticism of the federal response to SolarWinds from Senators Mark Warner, D-VA, and Marco Rubio, R-FL, the chair and vice chair of the Senate Intelligence Committee, respectively.
Dive Insight:
The SolarWinds attack has opened a deeper conversation in recent months about the role of the federal government in coordinating cybersecurity policy and sharing intelligence with the private sector and operators of critical infrastructure.
The oversight criticism came in a letter Tuesday that was addressed to the top national security and cyber agencies in the U.S. government, alleging that the response to the SolarWinds attack has so far been "disjointed and disorganized," according to the joint statement from Warner and Rubio.
A spokesperson for the National Security Council said Neuberger had already been put in charge of the response, however her appointment had not been officially disclosed to anyone in Congress or the wider public.
"The federal government's response to date to the SolarWinds breach has lacked the leadership and coordination warranted by a significant cyber event, so it is welcome news that the Biden administration has selected Anne Neuberger to lead the response," the senators said in a statement. "The Committee looks forward to getting regular briefings from Ms. Neuberger and working with her to ensure we fully confront and mitigate this incident as quickly as possible."
The appointment drew praise from cybersecurity executives with experience in the national security realm.
"Anne Neuberger's extensive experience in national security and intelligence, coupled with her deep cybersecurity skills and leadership track record inside of NSA makes her a fantastic pick for leading the Biden administration's response to the SolarWinds breach," Charles Herring, CTO at WitFoo, said in an email. "Investigating the cybersecurity components of the breach are a single facet of a complicated international crime that requires someone with her unique experience and skills to effectively resolve."
However Mark Montgomery, executive director of the Cyberspace Solarium Commission, said the SolarWinds responsibility should be part of the national cyber director (NCD).
"In the absence of the NCD, Anne Neuberger is the most skilled person to handle this," he said. "I do not know how pragmatic this approach is though, because as [a National Security Council] official, she is not accountable to Congress."
He said this issue creates an argument for the White House chief of staff expediting the standup of the NCD and their office.