Biden's three-headed cybersecurity team
The Biden administration has three key leaders for the country to turn to during a major cyberattack — but until last year, two out of the three positions they hold didn't exist.
Why it matters: The industry execs, former officials and lobbyists who talk regularly with this trio are still trying to distinguish who does what.
The big picture: The Biden administration has earned praise from experts for stabilizing and strengthening an executive-branch cybersecurity operation that had grown wobbly in the Trump era.
- The Trump administration eliminated its White House cyber coordinator position in 2018. Trump also famously fired Chris Krebs, then-director of the Cybersecurity and Infrastructure Security Agency (CISA), by tweet in 2020 after Krebs pushed back on lies that the election was "rigged."
- In comparison, Biden has three top officials, including two in the White House, and signed a wide-reaching executive order last year to toughen federal agencies' cybersecurity.
- Yes, but: It’s hard for the public sector to know who to turn to when facing a large-scale cyberattack.
Biden's "big three" are national cyber director Chris Inglis, Cybersecurity and Infrastructure Security Agency director Jen Easterly and Anne Neuberger, deputy national security adviser for cyber at the White House's National Security Council.
Easterly broke down their respective turfs in an interview with Axios:
- Neuberger handles the White House's cyber policy agenda.
- Inglis develops strategies to strengthen the larger U.S. cyber ecosystem, including the private and public sectors.
- CISA concentrates on defending the federal government and private sector from attacks.
Catch up quick: Congress created the national cyber director's office last year and mandated that the role be an adviser to the president, other White House offices and federal agencies on both domestic and diplomatic issues.
- However, lawmakers didn't anticipate that the Biden administration would also establish Neuberger's role at the NSC when they created the Office of the National Cyber Director (ONCD) in January 2021 — prompting still lingering concerns that the administration has too many top cyber officials.
- Several agencies — including the FBI, the Justice Department and Treasury Department — already play key roles in investigating cybercrime and nation-state hacks. Some agencies also set their own sectors' cybersecurit rules.
Between the lines: Conversations with six former government officials and people who work on industry government affairs teams reveal varying interpretations of how the new office fits in with existing agencies.
- Mark Montgomery, a former Senate aide and NSC official, told Axios the ONCD should oversee domestic cyber needs alongside CISA, while the NSC should take the lead on international cyber efforts.
- Three industry sources, who each requested anonymity to discuss private White House conversations, say they want to see Inglis — rather than Neuberger — become the sole public figurehead during cybersecurity crises and lead the country's cybersecurity initiatives.
- Others think Inglis' role should work in tandem with CISA and the NSC, swapping out who takes the lead in crises based on each cyberattack.
- Inglis' office released a "strategic intent statement" in October aimed at answering some of the questions about its purpose.
Yes, but: Despite the confusion, most experts give high marks to Inglis, Neuberger and Easterly for accomplishing a lot while also juggling the politics of divvying up cyber turf.
- An onslaught of high-profile cyberattacks — including the Log4j vulnerability and Russian threats tied to the war in Ukraine — left little room for turf wars
- This isn't the first time Easterly, Inglis and Neuberger have worked together: They overlapped in previous positions at the National Security Agency, and each has worked for the Pentagon at some point in their careers.
- “All of us have a strong relationship from before, and so we work well together,” Easterly tells Axios.