Malware, Ransomware

‘We desperately need a director’: Cyber advocates sound off as senator delays CISA confirmation

“How Can the U.S. Make Sure It Wins the Cyber War of 2028?” by New America is marked with CC BY 2.0.)

Senator Rick Scott, R-Florida, blocked a unanimous consent vote on Wednesday to confirm Jen Easterly as head of the Cybersecurity and Infrastructure Security Agency until Vice President Kamala Harris visits the U.S.-Mexico border.

Scott, whose office did not respond to requests for further comment on the matter, vowed to block all Department of Homeland Security nominees until Harris visits the border. Prior to the Easterly confirmation being brought to vote, the White House announced Wednesday that Harris would be visiting the border on Friday.

"This isn’t about Ms. Easterly. This isn't about cybersecurity,” Scott said. “I am here today because families in my state of Florida and across our nation deserve accountability, and President Biden has shown a total lack of accountability when it comes to addressing the border crisis.”

Though CISA has a well-esteemed acting director in Brandon Wales, critics of Scott's move stress that putting a confirmed, permanent official in office was critical for national and economic security, particularly as businesses looked for government assistance in the growing ransomware threat.

“The cyberthreat facing America is too real and too immediate to be using the nomination of one of the most important cyberofficials as a hostage to an unrelated policy matter,” Senator Angus King, I-Maine, told SC Media.

CISA is a key cog in federal network security and also serves as the Department of Homeland Security's cybersecurity liaison with the private sector and state and local governments. The agency has a key role in election security and overseeing cybersecurity of critical infrastructure.

The importance of CISA's role has only expanded in recent weeks as ransomware has become a nationally significant concern. At a recent congressional hearing, the CEO of Colonial Pipeline — itself a recent ransomware victim — said that CISA offered "great services" to inspect networks companies without Colonial's resources (Colonial, he said, was able to spend to bring in three "best-in-class" firms, Mandiant, Dragos and Black Hills, to bolster its own efforts after the fact).

CISA role will likely grow in the near future. Several efforts, including an executive order for government contractors, a TSA directive to pipelines and several pending legislative proposals, require private companies to notify the government of breaches. The executive order and TSA directive both require notification directly to CISA. The legislative proposals vary, but a widely-touted draft bill authored by Sen. Mark Warner, D-Va., and co-sponsored by Sens. Marco Rubio, R-Fla., and Susan Collins, R-Maine, would have a slew of federal agencies, including CISA, meet to determine which agency should receive notifications.

"CISA plays an essential role in ensuring that our federal agencies have the right cyber defenses in place to fend off cyberattacks," Warner told SC Media. "It also plays a critical role in coordinating cyber security information and response across states and with the private sector, ensuring that we address cyber threats collectively as a nation. With cyberattacks on our critical infrastructure increasing, we desperately need to confirm a director at CISA who is able to get to work on creating and implementing a cyber strategy.”

For enterprises, said Black Kite chief security officer and former chief information security officer for the state of Pennsylvania Bob Maley, having the long-term head of CISA take office is a key to solidifying relationships between CISA and the private sector.

"Having somebody at the federal level be that bridge to the private sector is important," he said.

Republicans have stressed the importance of Vice President Harris visiting the southern border to further the administration's fight against illegal border crossings, sometimes referring to her as a "border czar." The Biden Administration has put Harris in charge of addressing the root causes of immigration — not the protection of the border — and in that mission Harris has visited South America.

Scott said he hopes that Harris takes the trip seriously.

"More than anything, I hope this isn’t a political stunt,” Scott said Wednesday night. “If she truly goes to see this crisis, I am going to lift all my holds of DHS political nominees. It’s that simple.”

In the interim, Scott will continue to prevent all Homeland Security nominations from taking office. It's a move that has failed to impress even some individuals intimately involved with immigration.

“It is a dangerous practice to hold up the CISA director’s nomination in order to make a political point," said John Sandweg, former acting director of Immigration and Customs Enforcement and current partner in the cross border risks practice at Nixon Peabody. "We face dire threats to our nation’s critical infrastructure and federal networks and need all hands on deck to counter our adversaries. It is long past time that we recognize that the mission of DHS is too important to allow it to be a political football.”

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.