Dive Brief:
- President Joe Biden nominated Jen Easterly as the director of the Cybersecurity & Infrastructure Security Agency (CISA) Monday, according to confirmation from White House National Security Advisor Jake Sullivan. Easterly is a managing director at Morgan Stanley and leads the resilience and fusion resilience center. She served as the global head of its cybersecurity fusion center.
- Reported frontrunner to the CISA director role, Rob Silvers, was named as the undersecretary for policy within the Department of Homeland Security (DHS). Between 2016 and 2017, Silvers served as the assistant secretary of homeland security for cyber policy within the Obama administration.
- Chris Inglis was named as the national cyber director within the White House, which coordinates federal and private cybersecurity. Inglis formerly served as the deputy director of the National Security Agency (NSA), and currently teaches as a distinguished visiting professor of cyber studies at the United States Naval Academy.
Dive Insight:
The appointments coincide with the discretionary funding request the White House submitted on Friday.
The White House is requesting $500 million for the Technology Modernization Fund, $110 million for CISA and $750 million as a "reserve for Federal agency information technology enhancements," according to the order. The funds are an addition to the $650 million for CISA and $1 billion for the Technology Modernization Fund found in the American Rescue Act approved last month.
Biden's recent cyber nominations all need Senate approval, though their confirmations are expected to be easy. Former CISA Director Chris Krebs was confirmed in a bipartisan fashion in 2018 before President Donald Trump terminated him in November. The firing left a gap in federal cybersecurity leadership, shortly before officials uncovered the Solarwinds attacks, one of the nation's most historic cyber events.
At the time of Krebs' Tweet firing, other high-profile names within CISA departed, including Former Assistant Director for Cybersecurity Bryan Ware and Deputy Director Matthew Travis. Brandon Wales served as executive director of CISA before becoming acting director in the interim.
Upon the news, Krebs tweeted "Don't forget Anne Neuberger as [deputy national security advisor] already in place. My goodness. This is a team."
Easterly will become CISA's second overall, and first woman, director. Before leaving for the private sector, Easterly served under former President Barack Obama's National Security Council as a special assistant to the president from 2013 to 2016.
Between 2011 and 2013, Easterly worked as deputy director for counterterrorism in the NSA. During her time in the Obama administration, Easterly played a pivotal role in the development of the U.S. Cyber Command.
Lawmakers were antsy to fill the national cyber director role while Deputy National Security Advisor Anne Neuberger acts as the lead for the SolarWinds investigations.
"I'm a little disappointed, to tell you the truth, that they haven't named the national cyber director," Sen. Angus King, I-ME, said during a March 17 press briefing. "I think they could have done so by now. And we would be moving toward confirmation instead of waiting," until the final structure of the office is sorted.
Inglis served alongside King on the Cyberspace Solarium Commission (CSC), which he was nominated to by Sen. Mitch McConnell, R-KY. While a CSC commissioner, King said his "clarity of vision for a future of stability and security in cyberspace" was his greatest contribution," in an emailed statement to Cybersecurity Dive. "The job will be tough, but there is no one more qualified than Chris."
The national cyber director position was proposed by the CSC and included in the National Defense Authorization Act (NDAA), approved by Congress in December.
As national cyber director, Inglis will be expected to do contingency planning, an area particularly in need of improvement, as 85% of critical infrastructure is owned by the private sector, according to the CSC. Inglis considered the role the most important CSC recommendation adopted by the NDAA, he said during a webcast in January.
The national cyber director and executive branch could "take advantage of the executive action" powers," Inglis said during the webcast, though the position is outside the realm of offensive cybersecurity measures.