President Biden announced key cybersecurity leadership nominations Monday, proposing Jen Easterly as the next head of the Cybersecurity and Infrastructure Security Agency and John "Chris" Inglis as the first ever national cyber director (NCD).
The announcement ends months of speculation over the key positions, during which time the government has had to face fallout from both the Solarwinds and Hafnium Exchange Server campaigns without leadership in place.
Inglis and Easterly are both former deputy directors at the National Security Agency. Both currently serve in private sector roles in the financial sector, with Inglis a managing director at Paladin Capital Group and Easterly head of firm resilience and the fusion resilience center at Morgan Stanley.
“Chris Inglis is superlative. I had the privilege of working very closely with him during a very challenging period for NSA beginning in 2009, and he was always the model of integrity and grace under pressure," David Kris, founder of the Culper Partners consultancy and former assistant attorney general for the Department of Justice's National Security Division, told SC Media via email.
"Gifted with deep insight and extraordinary clarity of expression, Chris will be a spectacular addition to the Biden Administration. I have every confidence that he and his former NSA colleague, Anne Neuberger, will make a dynamic duo of cyber leadership.”
Neuberger, the deputy national security advisor for cyber and emerging technology, currently heads the White House response to the Solarwinds campaign
The new NCD position was created last year to be what Sen. Angus King, I-Maine, described as a "single neck to throttle" for cybersecurity issues. Though the full scope of the position is still being explored, Inglis is expected to coordinate a consistent cyber strategy among often-competing executive branch agencies and communicate priorities with Congress.
Easterly was considered a frontrunner for the NCD position, but will instead take over CISA, a once-sleepy government agency that rose to prominence during the 2020 elections as a key cybersecurity and disinformation security organ of the federal government.
CISA's intragovernmental role has increased since last year, with additional funding for federal cybersecurity and the added responsibility of federal threat hunting. It is also the face of much of the government's interactions with the private sector for cybersecurity, even in sectors where other agencies coordinate the issue.
"We need a CISA director who has a strong public presence and is able to engage with the states and educate the public about election security and disinformation in particular, " said Jonathan Reiber, senior director of cybersecurity policy at AttackIQ and former chief strategy officer for cyber policy at the Pentagon.
"We saw the benefits of such a public-facing role with Chris Krebs out in front educating the public and engaging with key constituencies; we need the CISA director to perform the same public function about threats to our democracy and what we are doing to combat them today, particularly for ensuring that the states and federal agencies have the best cybersecurity tools in place. Jen has the acumen and the leadership skills to do it. She’s exceptionally talented"
Easterly would take over the agency from acting director Brandon Wales, who has been well recieved in his interim goal. But, said Michael Daniel, former White House cybersecurity coordinator under Barack Obama and current president and CEO of the Cyber Threat Alliance, a confirmed director is critical for the agency's future
"While Brandon Wales is doing a great job as the acting director, a confirmed, permanent director will enable CISA to move forward with enacting new policies and the administration’s cyber agenda much more forcefully and confidently," he said via email.
Both nominations garnered praise from the four lawmakers on the Cybersecurity Solarium Commission, which suggested the NCD last year leading into its creation. A statement cosigned by senators King and Ben Sasse, R-Neb., and Reps. Jim Langevin, D-Vt., and Mike Gallegher, R-Wis., said of Inglis: "The job will be tough, but there is no one more qualified than Chris. He has our warmest congratulations, and we look forward to offering him our full support as his nomination progresses.”
The legislators added that Easterly's "incisive mind and tenacity will be great assets to CISA as it continues to mature."
"The Biden Administration deserves credit for moving forward with these nominations, despite the overwhelming crush of other policy issues," said Daniel. "While the NCD position and associated office will take time to create, getting started on that process is important, and that wasn’t really going to happen until the administration named someone to the position."
