Workforce

Sean Cairncross has policy coordination in mind if confirmed as national cyber director

The nominee, who doesn’t have as much cyber experience as his predecessors, also touted his credentials and views on current threats during his Senate confirmation hearing.

By Tim Starks

June 5, 2025

Listen to this article

0:00

This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.

Ivanka Trump, daughter of President Donald Trump, walks with Sean Cairncross, then-CEO of the Millennium Challenge Corporation, through the alleys of Rabat's Old city on Nov. 7, 2019. (Photo by FADEL SENNA/AFP via Getty Images)

Sean Cairncross laid out his vision to senators Thursday for the Office of the National Cyber Director if he is confirmed to lead it.

“A goal of mine is to make sure this office sits at the place that this committee and I believe Congress intended in the statute, and that is to lead cyber policy coordination across the federal government,” he told the Homeland Security and Governmental Affairs Committee at his confirmation hearing.

“In doing that, working with our interagency partners is vital,” he said. “We’ve been empowered to work with [the Office of Management and Budget] to ensure that budget alignment among the interagency aligns with administration policy, and I think those tools have to be leveraged, and relationships between us and the interagency — it’s making sure that it is monitored and enforced.”

Cairncross, a former White House and Republican National Committee official and the former head of the federal Millennium Challenge Corporation who has run his own consultancy, also touted his credentials to serve as national cyber director. Michigan Sen. Gary Peters, the top Democrat on the panel, asked about his lack of cyber experience compared to his predecessors in the office.

“It’s true I don’t have a technical background in cyber, but in my roles running private organizations and national party committees, I’ve been on the user side of this,” he said. “I’ve had to deal with foreign nation attacks on our systems. We’ve worked with the FBI and the intelligence community to learn about them, to stop them and to monitor those attacks. On the management side, I’ve run thousands of people and billions of dollars in funds, and in doing those jobs, I surround myself with smart people.”

He didn’t directly answer questions from Sens. Elissa Slotkin, D-Mich., and Sen. Andy Kim, D-N.J., about cuts to the Cybersecurity and Infrastructure Agency, instead saying his “first management principle” is “form follows function” and that the administration would be focused on taking offensive steps against foreign attackers.

“These attacks are increasing, they’re becoming more sophisticated and they’re scaling up,” he said.

Attacks from Beijing-linked hacking groups Salt Typhoon and Volt Typhoon demonstrate that “China is without question the single biggest threat in this domain that we face,” Cairncross said. Those hackers are “squatting” on U.S. networks, and “that should be unacceptable. It is unacceptable.”

Getting attackers out of those networks — particularly in the Salt Typhoon breach of telecommunications companies — has proven a daunting task, however. Cairncross said countering such attacks would mean going to the private sector and contemplating “regulatory schemes” or “incentivizing information flow.” He agreed with Sen. Josh Hawley, R-Mo., that the American people don’t realize how deeply telecommunications networks have been compromised.

“This is not an IT issue. This is an operational issue,” Cairncross said. Volt Typhoon in particular, he said, “has real potentially life and death consequences.”

Cairncross said he was committed to working with Congress to extend two laws in September: one that facilitates threat information sharing and one that gives cyber grants to state and local governments.

Reauthorization of the Cybersecurity and Information Sharing Act of 2015 came up several times in questioning of Cairncross. The chairman of the panel, Sen. Rand Paul, R-Ky., has been a critic of the Cybersecurity and Infrastructure Security Agency, which plays a leading role in programs related to that law — and confusingly shares the same acronym, CISA. Paul has accused the agency of engaging in censorship in the name of combatting misinformation, which CISA has long denied.

Referencing those questions on reauthorization of the 2015 law, Paul said that “I will do everything in my power to make sure CISA authorization has a clause in it that states that no government resources at CISA will be utilized to diminish in any way constitutionally protected speech.”

After the hearing, Peters declined to comment on whether he would vote for Cairncross, and Paul declined to answer any questions after the hearing.

Sean Cairncross has policy coordination in mind if confirmed as national cyber director

More Like This

Experts endorse Sean Cairncross for national cyber director ahead of Senate hearing

Top FBI cyber official Cynthia Kaiser exits for Halcyon

Rep. Garbarino: Ending CISA mobile app security program for feds sends ‘wrong signal’

Top Stories

DOJ seizes $7.7M from crypto funds linked to North Korea’s IT worker scheme

Trump cyber executive order takes aim at prior orders, secure software, more

More Scoops

Exclusive: Peters, Rounds tee up bill to renew expiring cyber threat information sharing law

Trump picks Sean Cairncross for national cyber director

State Department needs more cyber policy muscle, says cyberspace ambassador nominee

The long, bumpy road to cyber incident reporting legislation — and the one still ahead

Latest Podcasts

Verizon’s Alex Pinto on the takeaways from the 2025 DBIR

MIND CEO Eran Barak on the dramatic rise of insider threats in cybersecurity

Bishop Fox’s Rob Ragan on the ‘Iron Man’ suit for pen testers

Olivia Rose on why the CISO role may not be the pinnacle of security work

Government

Technology

Threats

Policy