As the Biden-Harris administration thinks about cyber appointments and cyber strategy for the first 100 days of the administration, appointing a National Cyber Director role requiring Senate confirmation is critical.
The National Cyber Director will coordinate, support, and deconflict efforts on cyber, technology, and related issues led by executive branch agencies, engage the private sector to build trust and advance shared priorities, and represent the administration at home and abroad on cyber.
The administration will face a number of cybersecurity and technology challenges upon entering the White House. Effective mobilization and coordination of the government, and engagement with industry and civil society requires a coordinated strategy led by an empowered National Cyber Director who is responsible for the work. That person also must be able to hold federal agencies accountable.
The cybersecurity landscape has only grown more complex since President-Elect Biden left office as vice president. Election security, foreign investment threats, supply chain security, the weaponization of systemic racism and other social justice issues, attacks on critical infrastructure, international cyber norm development, emerging technology investment, and a myriad of other cyber and technology challenges and opportunities deserve focused attention.
Additionally, the number of countries with a stake has increased. Vietnam, the United Arab Emirates, Qatar and Saudi Arabia have all, to varying degrees, built up their cyber-espionage capabilities. That’s not to mention the changes to the federal government. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is stepping into it’s elevated cybersecurity mission, U.S. Cyber Command’s mission continues to evolve including the current focus on persistent engagement, and the State Department recently added a Bureau of Cyberspace Security and Emerging Technologies (CSET) to coordinate with other agencies on cyber-related national security issues.
Lessons can be learned from the outgoing administration, which did take a more aggressive posture to combat cyber attacks, though it greatly lacked an effective plan to actually execute that strategy. In fact, the Government Accountability Office criticized the State Department in a report for a failure to coordinate with other agencies in establishing a new cyber-diplomacy bureau, CSET.
The lack of a coordinator is a vulnerability that can reduce the efficacy of cyber strategy.
A focused attention on cyber and technology issues in times of crisis — and inbetween — will allow the U.S. to support relationships with industry, and advance a bevy of issues that increasingly intersect technology, economic, and national security domains, but remain within separate directorates within the White House.
This kind of recognition will help mitigate future opportunity loss such as 5G investment and enable coordination on tough challenges, like technology and software supply chain security.
Congress returns this week with the 2021 National Defense Authorization Act (NDAA) as one of the major outstanding pieces of business. The House and Senate versions of the massive bill contain dozens of policy recommendations proposed or inspired by the Cyberspace Solarium Commission report — chief among them the creation of a Senate-confirmed National Cyber Director. The House draft, H.R. 6395, would establish the office, while the Senate version, S. 4049, included place-holder language that called for a study of the issue. The Senate study represents an unnecessary delay because the Cyberspace Solarium Commission has already studied this recommendation in depth, a version of the bill with language establishing the office must move forward.
Coordination on cyber is best served by elevating leadership from a coordinator, codifying the role and responsibilities and allocating the budget to build the office.
Having worked in an administration that realized the benefits of coordination on these issues through a cyber coordinator, while also recognizing that old constructs may not suit the magnitude and veracity of current challenges, a Senate confirmed leader that demonstrates the weight both Congress and the Executive branch put on the issue is necessary to meet the moment.
Reverting to the cyber coordinator role which draws on the authority of the national security advisor, another National Security Council role, or modeling coordination off of other challenges like counter-terrorism, is insufficient for a function that demands the constant attention of an empowered leader.
Cyberattacks are on the rise and are evolving every day. While the landscape has drastically changed since Biden held the vice presidency, putting forth a National Cyber Director — endorsed and funded by Congress — will ensure the U.S. is not ceding its national security posture to malicious threat actors.
We need to prepare for the next threat, rather than lagging behind those who wish to do us harm.
Camille Stewart is an attorney and strategist in cyber and a Cyber Fellow at the Harvard Kennedy School’s Belfer Center for Science and International Affairs. Stewart is the former Senior Policy Advisor for Cyber, Infrastructure & Resilience Policy at the Department of Homeland Security in the Obama Administration.