Governance, Risk and Compliance, Government Regulations, Critical Infrastructure Security

Coker confirmed for National Cyber Director as industry preps for SEC reporting rule

Harry Coker Jr. testifies

Harry Coker was confirmed as National Cyber Director by the U.S. Senate on Tuesday, filling the vacancy left by Chris Inglis’ departure in February.

Coker previously served as executive director of the National Security Agency (NSA) from 2017 to 2019 and worked at the Central Intelligence Agency (CIA) for 17 years in its Directorate for Digital Innovation, Directorate for Science and Technology, and Director’s area. He is also a lawyer and a Navy veteran.

Coker is the White House cyber office’s second director since it was established in 2021 to advise the president on cybersecurity matters. In the interim period since Inglis’ departure, the office was led by Kemba Walden from March to November, and Drenan Dudley since Nov. 20.

“As a former NSA employee myself, it is great to see someone with a practitioner background from within NSA being in that position,” Ira Winkler, CISO at CYE, told SC Media.

Winkler continued: “Chris Inglis was awesome in that role, and likewise previously served at the NSA. Generally, these roles go to career policy people, and while a good portion of the job does involve politics and working across government, Harry understands the underlying concerns in ways policy wonks cannot.”

Experts say leadership needed at crucial time for cyber policy

Several cybersecurity professionals who spoke with SC Media welcomed the news of Coker’s confirmation, expressing hope that the new leadership will bring needed guidance during a turbulent time for the cyber sector.

“This critical role has been vacant for most of the year, and it is more important than ever to have a coordinated cybersecurity policy across all levels of government, and across the public and private sector,” said Sabeen Malik, vice president of government affairs and public policy at Rapid7.

The confirmation comes just as businesses across the country are preparing for new cybersecurity incident reporting rules from the Securities and Exchange Commission (SEC) that go into effect on Dec. 18.

The four-day deadline for reporting major cyber incidents has been the topic of much debate, with fears it could lead to premature reporting of unmitigated incidents, something Rapid7 noted in its comments to the SEC (PDF) prior to the rules’ adoption.

There are also concerns that the SEC requirements duplicate or conflict with rules already set by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).

“At a time when cyber regulations are at the forefront of leader’s minds, I am excited to hear the news of Coker’s appointment to national cyber director to help simplify federal regulations and accountability,” commented Gary Barlet, field chief technology officer at Illumio. “Coker will play a vital role in securing the nation as a whole, especially with critical infrastructure attacks on the rise.”

Meanwhile, cyber defenders are also grappling with threats stemming from the ongoing Russia-Ukraine and Israel-Hamas wars, the rapid evolution of generative AI, and more.

“While there will continue to be disagreements in Washington over the extent to which government should legislate or regulate cybersecurity, [Coker’s confirmation] will help fill a leadership void that has existed in the cyber policy arena,” said Robert DuPree, manager of government affairs at Telos Corporation.

“Geopolitical tensions continue to increase and there are constantly new technologies expanding the security landscape,” DuPree continued. “Having this top White House post finally filled by a Senate-confirmed director 10 months after the position was vacated will help the administration better work with Congress and the private sector to implement the National Cybersecurity Strategy and other such initiatives.”

The White House’s National Cybersecurity Strategy (PDF), published in March 2023, focuses strongly on strengthening critical infrastructure security, increasing public-private cybersecurity collaboration, and holding businesses more accountable when it comes to securing their systems, protecting consumer data and building software that is secure by design.

The government aims to complete all 69 initiatives outlined in the National Cybersecurity Strategy by Q4 2026, according to its implementation plan (PDF) published in July.

“Over the past year, Kemba Walden and Drenan Dudley have led the office very capably and it’s good to now once again have a permanent leader in place. We look forward to partnering with Mr. Coker as the Office advances key cybersecurity goals,” commented Drew Bagley, vice president and counsel of privacy and cyber policy at Crowdstrike.

Coker signals desire to strengthen public-private partnerships

Coker was first nominated for the National Cyber Director position by President Joe Biden in July and testified before the Senate Homeland Security & Governmental Affairs Committee in November before his nomination was advanced to the Senate floor.

“Since retiring from government service in 2019, I have continued focusing on the challenges our Nation faces in cyberspace by supporting organizations as they prepare for and respond to evolving cyber threats. During this time, I have seen a need for stronger partnerships and collaboration between the public and private sectors,” Coker said in his prepared statement to the committee (PDF).

Coker further testified that if he was confirmed, he would “ensure cooperation continues to be the North Star at the Office of the National Cyber Director and the guiding principles for the Administrations cyber work with all partners, including Congress.”

In front of both the committee and the full Senate, Coker fielded questions on a range of topics from the cybersecurity talent shortage to the rise of artificial intelligence. He was confirmed by a vote of 59-40, mostly along party lines, with Republican pushback mainly focused on concerns about social media censorship, according to a Fox News report.

While affirming his commitment to free speech and privacy, Coker maintained his focus on the key issues at hand in advancing the National Cybersecurity Strategy, and engaging all stakeholders, including the private companies “on the front line” of cyber defense.

“National security, especially cybersecurity, requires partnerships across the public sector and the private sector. Although, I’ve been in situations where that partnership wasn’t a true partnership, where it was more one way: ‘Give me what you got. Tell me what you know, and I’ll see you later,” Coker told the Senate, according to The Record.  

He said his goal as the government’s cybersecurity leader is “ensuring that the private sector knows there is a true partnership, and that their knowledge, their capabilities and their risks are appreciated and supported.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.