Brandon Wales reflects on 20 years of cyber as he leaves CISA
After nearly 20 years at the Department of Homeland Security and serving under four different presidents, Brandon Wales, the executive director of the Cybersecurity and Infrastructure Security Agency, is calling it a day as a federal employee.
Wales leaves CISA next week, having watched cyber evolve from a minor element of DHS’s work to a mission encompassing billions of dollars and thousands of personnel.
“When I first started, the external cybersecurity mission that CISA does today was a tiny part of our infrastructure security and infrastructure protection mission,” Wales said in an interview Thursday, recalling how in his early days at DHS beginning in 2005, the focus was on counterterrorism. “So just in terms of scale, how prominent it is, it has grown.”
One thing has remained consistent as the cyber mission has evolved under CISA’s predecessor agency — the National Protection and Programs Directorate — to now: putting in place, and enhancing, the public-private partnership, Wales said.
“It continues to be a real strength,” he said. “We have been able to continue to rely upon strong relationships with our private-sector partners to ensure that we can get the mission done. And that’s the part that remains the same, even as some of the operational environment has changed.”
Wales held a variety of posts at DHS before becoming executive director at CISA, from assignments like leading the cybersecurity section of the 2009 Quadriennal Homeland Security Review to serving as acting director of CISA after then-President Donald Trump fired Chris Krebs. Wales called the latter a “humbling experience.”
It was a task that involved shepherding the agency through a period when election security and the COVID-19 pandemic were twin priorities. But CISA also quickly became consumed by responding to the Russian SUNBURST cyberattack on SolarWinds that compromised a number of federal agencies.
“That is probably something that I’m most proud of, how this agency rose to the occasion to be able to respond to that incident, and not just the response we took in terms of surging resources to provide support and help those agencies eradicate Russian activity in their networks,” he said. It was a task that involved rethinking how to undertake systemic changes in response to the incident, working with Congress to get more resources, and later, building those things into the 2021 Biden administration executive order, he added.
“When I look back at the improvements that have been made in federal cybersecurity today, it is a testament to the work that was put in in those very early days of the SolarWinds/Microsoft Office 365 compromise,” Wales said.
It’s difficult, he said, to separate the presidents he worked under — George W. Bush, Barack Obama, Trump and Joe Biden — from the nature of the threats and priorities of their times.
During the Bush administration, it was about establishing protection of critical infrastructure against terrorists, then after Hurricane Katrina, “the fragility of critical infrastructure to all hazards and refocusing efforts beyond just protection and security to preparation and resilience,” Wales said.
Under Obama, cyber became a much higher priority, he said, owing to the Office of Personnel Management breach and the Sony hack. That’s when some of the “nascent programs around federal cybersecurity got their start,” Wales said.
Under Trump, CISA came into being. It’s also when election security became a big focus of the work, Wales said.
The overall biggest accomplishments that coincided with his time at the department are the improvements to federal cybersecurity and also establishing CISA as the force it is today, Wales said. When he began, he worked with a team of eight other feds, he said.
Now, CISA has built a 3,000-person team “to be able to answer some of the hardest questions we had as an agency, and that work continues to this day,” Wales said.
CISA still has some important work ahead, namely on two important fronts, he said. One is “addressing the most significant national security issue of our time, and that is the People’s Republic of China, the cyber threats they pose to the country,” Wales said. The other is finishing up the rules that CISA is responsible for writing under the 2022 cyber incident reporting legislation, he said.
Wales said he couldn’t say where he was going next, but it will be a private-sector cyber job. “I was looking to look at this mission from another perspective,” he said. “I spent a lot of the time over the last 20 years working with the private sector, but never sat in their shoes. And I felt like it was an important perspective to have, an important set of experiences that I was missing.”
CISA Director Jen Easterly said last month that Bridget Bean would take over as executive director and hailed Wales’ efforts.
“Brandon has guided CISA through some of the most serious threats facing our Nation,” she said in a statement. “From Sunburst to the ransomware attack on Colonial pipeline to the Russian full-scale invasion of Ukraine, the Agency and the Department have looked to Brandon time and again for his leadership and deep expertise. With more than 20 years of federal service, including more than 19 at the Department, he was here before we were CISA and expertly helped shape the Agency into what we are today.”