NSA Veterans Nominated for Top Cyber PostsChris Inglis Nominated for Cyber Director; Jen Easterly Tapped to Lead CISA
This story has been updated.
President Joe Biden has nominated two U.S. National Security Agency veterans for top cybersecurity positions as the White House continues to confront the fallout from the SolarWinds supply chain attack as well as attacks against on-premises Microsoft Exchange email servers.
The White House announced Monday plans to nominate John "Chris" Inglis to become national cyber director, a position created earlier this year by Congress as part of the 2021 National Defense Authorization Act.
The administration also plans to nominate Jen Easterly to take over as director of the U.S. Cybersecurity and Infrastructure Security Agency, which is part of the Department of Homeland Security. CISA has been without a Senate-confirmed leader since former President Donald Trump fired Christopher Krebs in November 2020 (see: Trump Fires Christopher Krebs, Head of CISA).
If approved by the Senate, Inglis and Easterly are expected to work closely with Anne Neuberger, the deputy national security adviser for cyber and emerging technology who is already overseeing the federal investigations into the SolarWinds and Exchange attacks (see: White House Preparing 'Executive Action' After SolarWinds Attack).
"I am looking forward to working with Chris and Jen to continue building back better to modernize our cyber defenses and enhance the nation’s ability to prevent and respond effectively to cybersecurity incidents," Neuberger says. "We will work closely with cybersecurity leaders across the United States government, the private sector, Congress and dedicated frontline cyber responders to keep our networks safe and secure."
Reaction to Announcement
The nominations drew immediate praise from Krebs, who had helped push CISA to address several security issues ahead of the 2020 elections before he was fired by Trump. Krebs now runs a security firm, the Krebs Stamos Group, with former Facebook CISO Alex Stamos.
"My goodness. This is a team," Krebs wrote on Twitter.
Phil Reitinger, a former director of the National Cyber Security Center within the Department of Homeland Security who is now president and CEO of the Global Cyber Alliance, praised both nominations, but he noted that he worked closely with Inglis during the Obama administration.
"He used to say that networks must be both defensible and adequately defended, which is exactly right, and his focus on both prevention and operations will serve him well as the national cyber director," Reitinger says. "I have no doubt he will be quickly confirmed."
The nominations of Inglis and Easterly come at a time when members of both parties have been raising concerns that the Biden White House had left two critical cybersecurity posts open at a time when both the SolarWinds and Exchange attacks are under investigation.
Earlier this month, two senators asked the Biden administration and CISA for more details about those attacks, including why CISA's intrusion detection system, known as Einstein, failed to detect them (see: Why Didn't Government Detect SolarWinds Attack?).
Meanwhile, Department of Homeland Security Secretary Alejandro Mayorkas is working to address domestic cybersecurity issues, including the surge in ransomware attacks.
President Biden is asking Congress to boost the CISA budget for fiscal year 2022 by $110 million to $2.1 billion to help enable the agency to address a range of cybersecurity issues.
This would build on the $650 million provided to CISA under the American Rescue Plan Act - the COVID-19 stimulus package signed into law in March - to fund efforts to better protect federal and civilian agency networks during the pandemic (see: Biden Seeks to Boost CISA's Budget by $110 Million).
Inglis, an Air Force veteran and retired brigadier general with over 40 years of experience in the federal government, worked at the NSA for 28 years - including nearly eight years as the senior civilian leader and deputy director at the agency under both the Bush and Obama administrations - before stepping down in 2014. He currently works as a managing director for the Paladin Capital Group.
If confirmed as national cyber director, Inglis will have oversight over the defense of federal networks and infrastructure as well as the cyber budgets of various agencies. The position, however, will not involve offensive cyber activities, which will remain with the National Security Council and U.S. Cyber Command.
After Trump eliminated the national cybersecurity coordinator position in 2018, the Cyberspace Solarium Commission published a report urging Congress to restore the position at the White House, which lawmakers did with passage of the National Defense Authorization Act. Inglis served on the commission.
On Monday, the four lawmakers who served on the commission, senators Angus King, I-Maine and Ben Sasse, R-Neb.; and representatives Jim Langevin, D-R.I., and Mike Gallagher, R-Wis., issued a statement noting that after the events of the last six months, the administration needs one official to oversee and coordinate its cyber policies.
"As our adversaries’ attempts to probe our networks become bolder, the need for a leader with statutory authority to coordinate the development and implementation of a national cyber strategy to defend and secure everything from our hospitals to our power grid could not be more clear," the four lawmakers note.
Easterly retired as an Army intelligence officer in 2011, and then was named as deputy for counterterrorism at the NSA. She later served on President Obama's National Security Council staff. After leaving government, Easterly worked as Morgan Stanley’s head of firm resilience and oversaw the company's fusion resilience center.
While in the Army, Easterly worked with Gen. Keith Alexander, who was then director of the NSA, to help establish U.S. Cyber Command. She also worked with Paul Nakasone, who is now a four-star general and the head of both Cyber Command and the NSA.
"Jen was one of the four key people responsible for the planning, development and stand up of U.S. Cyber Command. She is an exceptional choice as the new director of CISA," Alexander says in a statement.
A Team Effort
In a tweet, Dmitri Alperovitch, the former CTO of security firm CrowdStrike and executive chairman of Silverado Policy Accelerator, a nonprofit organization, said Easterly, Inglis and Neuberger would be able to work together well to coordinate the White House's cybersecurity policies and initiatives.
The administration could not have picked 3 more capable and experienced people to run cyber operations, policy and strategy alongside Anne Neuberger @WhiteHouse and @CYBERCOM_DIRNSA. This is the cyber equivalent of the Dream Team! 2/2— Dmitri Alperovitch (@DAlperovitch) April 12, 2021
The Washington Post, which first reported the nominations, reported that the Senate conformation process for Easterly and Inglis could take two months.
The Post also reported that the Biden administration is also expected to nominate Robert Silvers, who worked in the Obama administration, as undersecretary for policy at the Department of Homeland Security, with an emphasis on cybersecurity.