Axios Codebook

August 16, 2022
Welcome to the first edition of the new Codebook!
👋🏻 I’m Sam Sabin. Each Tuesday and Friday, I’ll bring you what you need to know about the hacks, regulation and business deals happening in the cybersecurity world.
- Some of you might remember me from Politico’s daily cybersecurity newsletter or Morning Consult’s daily tech policy newsletter or even DC Inno’s newsletter about local startups. This isn’t my first newsletter rodeo, and I’m really excited to be here with you all.
- I’m based in D.C., working from home with my two cat assistants, Barry and Lola. Pet pics (dogs, cats, guinea pigs, whatever you got) are always welcome here.
Today's newsletter is 1,483 words, a 5.5-minute read.
1 big thing: White House's three-headed cybersecurity team
The Biden administration has three key leaders for the country to turn to during a major cyberattack — but until last year, two of the three positions they hold didn't exist.
Why it matters: The industry execs, former officials and lobbyists who talk regularly with this trio are still trying to distinguish who does what.
The big picture: The Biden administration has earned praise from experts for stabilizing and strengthening an executive-branch cybersecurity operation that had grown wobbly in the Donald Trump era.
- The Trump administration eliminated its White House cyber coordinator position in 2018. Trump also famously fired Chris Krebs, then-director of the Cybersecurity and Infrastructure Security Agency (CISA), by tweet in 2020 after Krebs pushed back on lies that the election was "rigged."
- In comparison, Biden has three top officials, including two in the White House, and signed a wide-reaching executive order last year to toughen federal agencies' cybersecurity.
Yes, but: It’s hard for the public sector to know whom to turn to when facing a large-scale cyberattack.
Biden's "big three" are national cyber director Chris Inglis; CISA director Jen Easterly; and Anne Neuberger, deputy national security adviser for cyber and emerging tech at the White House's National Security Council.
Easterly broke down their respective turfs in an interview with Axios:
- Neuberger handles the White House's cyber policy agenda.
- Inglis develops strategies to strengthen the larger U.S. cyber ecosystem, including the private and public sectors.
- Easterly concentrates on defending the federal government and private sector from attacks.
Catch up quick: Congress created the Office of the National Cyber Director (ONCD) in January 2021 and mandated that the role be an adviser to the president, other White House offices and federal agencies on both domestic and diplomatic issues.
- However, lawmakers didn't anticipate that the Biden administration would also establish Neuberger's role at the NSC — prompting still-lingering concerns that the administration has too many top cyber officials.
- Several agencies — including the FBI, the Justice Department and the Treasury Department — already play key roles in investigating cybercrime and nation-state hacks. Some agencies also set their own sectors' cybersecurity rules.
Between the lines: Conversations with six former government officials and people who work on industry government affairs teams reveal varying interpretations of how the new office fits in with existing agencies.
- Mark Montgomery, a former Senate aide and former NSC official, tells Axios the ONCD should oversee domestic cyber needs alongside CISA, while the NSC should take the lead on international cyber efforts.
- Three industry sources, who each requested anonymity to discuss private White House conversations, say they want to see Inglis — rather than Neuberger — become the sole public figurehead during cybersecurity crises and lead the country's cybersecurity initiatives.
- Others think Inglis' role should work in tandem with CISA and the NSC, swapping out who takes the lead in crises based on each cyberattack.
- Inglis' office released a "strategic intent statement" in October aimed at answering some of the questions about its purpose.
Despite the confusion, most experts give high marks to Inglis, Neuberger and Easterly for accomplishing a lot while also juggling the politics of divvying up cyber turf.
- An onslaught of high-profile cyberattacks — including the Log4j vulnerability and Russian threats tied to the war in Ukraine — left little room for turf wars.
- Easterly, Inglis and Neuberger overlapped in previous positions at the National Security Agency, and each has worked for the Pentagon at some point in their careers.
- “All of us have a strong relationship from before, and so we work well together,” Easterly tells Axios.
2. Biden's newest cyber official makes his case
One year into the trio’s tenure, national cyber director Chris Inglis tells Axios his office — now nearly fully staffed — is ready to tackle its first big job.
Driving the news: The Office of the National Cyber Director (ONCD) plans to release the administration's national cybersecurity strategy next month after the White House charged the office in late June with leading its development. The strategy will define the nation's plans to prevent major cyberattacks and responses to them when they occur.
- Industry officials tell Axios they hope the strategy clearly defines what responsibilities the ONCD will have and differentiates the office from its counterparts at the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Council (NSC).
- This could signal that the NSC, which has historically handled all cyber policy matters for the White House, is ready to hand off some of its duties, former NSC official Mark Montgomery tells Axios.
The big picture: It's taken most of the year for Inglis' office to get off the ground, but now that the team is nearly staffed up, the ONCD could start to play a more clearly defined and prominent role in federal cyber discussions.
- ONCD didn't receive congressional funding until November, and the office didn’t start hiring in earnest until February, Inglis tells Axios. Now that they're close to 60 full-time staff members, the office is starting to take on more responsibilities.
- During its first year, the ONCD laid the groundwork for what some of its priorities will be, serving as a key participant in White House forums on cybersecurity workforce issues, health industry cyber needs and open-source software security woes.
Details: To create a solid foundation for the ONCD, Inglis has focused on collaborating with other federal agencies, as well as hiring well-known government and industry officials as leaders.
- Inglis named Kemba Walden, a former Microsoft executive and Department of Homeland Security official, as his second-in-command in May. Other high-profile hires came from Google and the CIA.
- Inglis tapped federal chief information security officer Chris DeRusha as a deputy national cyber director — establishing a "dual-hat" role between the Office of Management and Budget and ONCD.
What they’re saying: "We don’t get a passing grade, in terms of our scorecard, if we simply stand up the office," Inglis says. "What we have to do is add true value to the system."
- "The least visible part of the human body is the connective tissue," Walden tells Axios. "That's how I envision us in the cyber ecosystem: We're that connective tissue that makes it all make sense."
What’s next: Inglis tells Axios his office is "working our way through" creating the administration's first national cybersecurity strategy. The office has collected feedback on it from 30 federal offices and more than 60 private-sector organizations.
- The office is also in the "early stages" of developing a cyber workforce strategy.
3. Codebook's credo
Codebook aims to help everyone, including the not-so-tech-savvy, understand what’s happening in cybersecurity.
Why it matters: As hackers ramp up their attacks on small businesses, schools, hospitals and utilities, it's become crucial for all of us to get a better handle on the nation’s cybersecurity news.
- I’m especially interested in stories about hacks and regulation targeting critical infrastructure (i.e., the sectors that we all live and die by), state-backed and ransomware hacking activity, and abuses of our data privacy, such as data breaches and surveillance concerns.
💭 Sam's thought bubble: It’s too easy for people outside of cybersecurity to turn a blind eye to major hacks because, frankly, cyber news is littered with technical language and insider jargon.
- My goal is to make Codebook an approachable source for your cybersecurity news.
- If you see me using language that you don’t get, call me out on it. Really!
The bottom line: Codebook is here to bring Axios’ Smart Brevity ethos to cybersecurity — and also to share pet pics and tidbits with everyone. Have thoughts? Let me hear them.
4. Catch up quick
@ D.C.
🔓 New documents indicate Trump-allied lawyers paid a digital forensics company to copy sensitive data from election system software in Georgia, Michigan and Nevada. (Washington Post)
🗳 Organizers and participants in DEFCON's Voting Village, where hackers test voting machines for security vulnerabilities, are struggling to fight the election disinformation machine. (Politico)
🕵🏻‍♂️ A federal lawsuit alleges a Spanish security firm at Ecuador's London embassy spied on two lawyers and two journalists visiting WikiLeaks founder Julian Assange and fed that information to the CIA. (Newsweek)
@ Industry
💸 Cybersecurity firm Darktrace confirmed it's in early-stage talks about a cash offer from tech investment firm Thoma Bravo. (Reuters)
👀 Oracle plans to begin auditing TikTok's algorithms and content moderation policies to ward off concerns about Chinese data surveillance of U.S. users. (Axios)
❌ DEFCON, the global hacker conference in Las Vegas, banned pro-Trump news outlet OAN for violating the event's privacy policy. (Motherboard)
@ Hacks and hackers
🇷🇺 Microsoft said it has disrupted several ongoing phishing attacks linked to a Russian cyber-espionage gang known for targeting U.S. and U.K. companies. (Microsoft)
🇨🇳 Researchers at Recorded Future found evidence of a Chinese-linked hacking group targeting human rights organizations, think tanks, news media and agencies of several governments over the last three years. (MIT Technology Review)
📲 Encrypted messaging service Signal alerted 1,900 users that their account information may have been revealed to the hackers behind this month's Twilio breach. (The Verge)
5. 1 fun thing
Seems even hackers are starting to catch on to the usefulness of emojis in engaging new audiences... 👀🧐🙄
See y'all on Friday! ☀️


