Federal Chief Information Security Officer Chris DeRusha, who has played an integral part in responding to the SolarWinds hack, is getting a second gig as deputy national cyber director for federal cybersecurity.
National Cyber Director Chris Inglis hailed DeRusha’s appointment on Twitter Thursday.
“Personally announcing Federal CISO Chris DeRusha as the new Deputy National Cyber Director for Federal Cybersecurity,” Inglis tweeted. “We are excited to see how Chris’s dual designation as Federal CISO at @OMBPress will improve federal coherence in the cyber domain.”
DeRusha steps into his additional role at a time when questions persist on Capitol Hill about the breakdown of cyber roles within the federal bureaucracy. The national cyber director’s office is the newest addition to that bureaucracy, established only this year. The office is coming into being as the Department of Homeland Security’s Cybersecurity Infrastructure and Security Agency is increasingly focused on incident response and information sharing in the federal government, and as Deputy National Security Adviser Anne Neuberger probes ways for the U.S. to combat ransomware.
In an interview with The Washington Post that published Thursday, Inglis said the coordination with DeRusha should benefit federal agency cyber officials. “Particularly if you’re a chief information security officer, you’ll see us speaking complementary ways and using our resources in a collaborative manner,” he said.
The Office of Management and Budget, where DeRusha is housed, has extensive responsibilities under the May cybersecurity executive order that President Joe Biden signed in large part as a response to the SolarWinds hack that compromised nine federal agencies.
In August, leaders of the House Homeland Security Committee said in a letter to Inglis they wanted clarification about the divergent roles of the national cyber director, CISA and the National Security Council’s deputy national security adviser for cyber and emerging technology.
“While the talent that you and other senior cybersecurity officials bring to bear is undeniably encouraging, we remain concerned that lingering confusion about the roles and responsibilities among the NCD, CISA Director, and the DNSACET will stunt whole-of-government efforts to address pressing cybersecurity challenges facing the nation,” they wrote.