President Joe Biden has picked two veterans of the National Security Agency, Chris Inglis and Jen Easterly, for senior cybersecurity positions at the White House and Department of Homeland Security, the White House said Monday.
Biden intends to nominate Inglis as the national cyber director and Easterly as the director of DHS’s Cybersecurity and Infrastructure Security Agency, the White House said in a statement. Both positions are subject to Senate confirmation.
The nominations come as the Biden administration continues to grapple with two high-profile hacking operations linked to Russia and China that have exposed vulnerabilities in federal, state and local government networks.
The national cyber director is a new, congressionally mandated role designed to make the government better at responding to those types of major hacks. If confirmed, Inglis, who spent nearly three decades at the NSA, will be charged with coordinating offensive and defensive operations across the vast federal bureaucracy and ensuring cybersecurity isn’t left out of key national security discussions.
Easterly’s charge will be more squarely focused on bolstering the defenses of federal networks, which were blindsided by the suspected Russian operation. The hacking activity exploited software made by federal contractor SolarWinds and other vendors on the way to infiltrating nine federal agencies. Easterly will also have to deal with the scourge of ransomware that has afflicted state and local government networks.
Easterly is a former Army intelligence officer with deep experience in offensive and defensive cyber-operations. For the last four years, she has been running Morgan Stanley’s cybersecurity “fusion center,” which monitors for criminal and state-affiliated hacking threats to the financial giant.
Easterly also brings first-hand knowledge of the offensive side of cyberspace to the job. She was part of a team that in 2009 and 2010 helped stand up U.S. Cyber Command, the military’s hacking unit. Before that, she worked at the National Security Agency’s elite offensive team formerly known as Tailored Access Operations, according to her LinkedIn profile.
Easterly and Inglis would join a cadre of ex-NSA officials that Biden has hired for top cybersecurity positions. Michael Sulmeyer, a former senior adviser to NSA director Gen. Paul Nakasone, is now senior director for cyber in the White House, while former NSA cybersecurity director Anne Neuberger is deputy national security adviser for cyber and emerging technology.
Establishing the national cyber director was a top recommendation of the Cyberspace Solarium Commission, a panel comprised of lawmakers and government and private-sector experts. The U.S. government lacked an official who could coordinate and synchronize the various cybersecurity work going on across the vast federal bureaucracy, the commission lamented.
Then-President Donald Trump’s National Security Council in 2018 eliminated the position of White House cybersecurity coordinator, which served a similar purpose to the national cyber director. Some private-sector experts and Democratic lawmakers criticized the move as a sign the U.S. was de-prioritizing cybersecurity, a charge the Trump administration denied.
The White House also said Monday that Biden intends to nominate Rob Silvers, a former DHS official in the Obama administration, as undersecretary for strategy, policy and plans at DHS.
Silvers, who was long considered a top contender for the CISA job, is close with Homeland Security Secretary Alejandro Mayorkas, and would also have a voice on cybersecurity matters as undersecretary. Silvers served as assistant DHS secretary for cyber policy in the last year of the Obama administration, giving him an up-close look at Russia’s 2016 campaign of hack-and-leak interference in the U.S. election.
The cybersecurity personnel announcements on Monday weren’t limited to the White House or DHS. The Department of Energy said in a statement that Puesh Kumar would serve as acting principal deputy assistant secretary in the department’s cybersecurity office, a key role in U.S. government efforts to defend the electric sector from hacking.
Kumar was most recently principal manager for cybersecurity engineering and risk management at Southern California Edison, one of California’s biggest electricity providers.