President Joe Biden’s nominee to be his top advisor on cybersecurity issues last week said the role of the National Cyber Director (NCD) is to strengthen existing cybersecurity efforts through better coordination.
“And my own view of the National Cyber Director is that while we can point to many threads that are quite strong within our private and public sector, strengths in technology, strengths in our professional development of people, strengths even in emerging doctrine, what’s missing is the fabric and ultimately I think the cyber director will be accountable, responsible for the fabric, lending strength to all of the individual pieces,” Chris Inglis said during a panel discussion hosted by the Billington Cybersecurity Defense Summit that aired last Thursday but was pre-recorded earlier this month before Biden announced his nomination on April 12.
Inglis, who currently is a visiting professor of cyber studies at the U.S. Naval Academy and former deputy director of the National Security Agency, was appointed by then Senate Majority Leader Mitch McConnell (R-Ky.), to the Cyberspace Solarium Commission, which a year ago recommended the creation of the National Cyber Director as a Senate-confirmed position within the Executive Office of the President.
Creation of the new cyber job is “essential,” Inglis said during the Billington event, but isn’t by itself the complete “solution to some of the challenges we think this nation faces in cyberspace.” He said the commission saw “that there was a lack of consistency between administrations and therefore believe that there should be an enduring commitment to cyber leadership. We did believe that coherence was wanting within the federal branch and therefore there needed to be a lifeforce to bring about that coherence.”
Inglis was joined on the panel by Rep. Mike Gallagher (R-Wisc.), co-chair of the commission, and Suzanne Spaulding, who also served on the bipartisan commission and led the former Department of Homeland Security National Protection and Programs Directorate, now called the Cybersecurity and Infrastructure Security Agency (CISA), during for six years during the Obama administration.
Citing media reports that Inglis would be the nominee to be the NCD, Gallagher applauded the then potential nomination and said the position is one members of Congress can “routinely interact with” on cyber issues. To a degree, this is already the case with the director of CISA, he said, adding that the NCD “position would allow Congress to have a more productive partnership with the executive branch on cyber issues.”
The Solarium Commission made dozens of recommendations for legislative approval, with nearly 30 included in the fiscal year 2021 National Defense Authorization Act, including creation of the NCD. Gallagher said the commission is working on around 30 to 35 legislative provisions from the 2020 proposals for Congress to consider this year.
“Some of the top ones” being worked on now include the establishment of a Joint Collaborative Environment, which would be a common cloud-based environment in which the federal government’s unclassified and classified cyber threat information, it’s malware forensics and network data for monitoring programs are made available for query and analysis,” Gallagher said. This information sharing environment would be integrated with the private sector as well as state, local, tribal and territorial governments to “reduce the silos in federal programs that act as barriers to detection, identification and awareness of cyber threats,” he said.
Inglis agreed on that continuing to prioritize improving relationships between the private and public sectors is critical. The most pressing need is for the government to improve its ability to work with the private sector, he said, citing the Joint Collaborative Environment and the need for “human relationships” that go with this.
These relationships “for my money, is where we can make a significant and transformative step forward such that if you’re an adversary in this space, and there are many, you’ll be faced with the prospect of having to beat all of us in order to beat one of us,” Inglis said.
Another top priority is defining “systemically important critical infrastructure” and making sure they have the “full support of the U.S. government” in terms of things like intelligence sharing and liability protections, Gallagher said. These critical infrastructures underpin the nation’s national critical functions, he said.
In return for this support, entities that make up systemically important critical infrastructure would be asked to up their security game to include reporting cyber incidents, he said.
Additional provisions being worked on include something akin to a federal disaster declaration. In this case, “codifying a cyber state of distress” so that when declared, resources would be made available through a cyber response fund to help local governments and the private sector beyond traditional technical assistance, he said.
The Biden administration is planning to initiate a $20 million Cyber Response Fund in the fiscal year 2022 budget request.
Gallagher also said that the commission wants to monitor the implementation of legislation it proposed and was approved by Congress in FY ’21, such as new authorities for CISA, “to make sure it actually accomplishes what it was intended to accomplish.”
A spokesman for Gallagher told Defense Daily on Friday that these proposals “will be championed in Congress” by members of the commission who serve in Congress. In addition to Gallagher, this list includes Sen. Angus King (I-Me.), also a co-chair, Sen. Ben Sasse (R-Neb.) and Rep. James Langevin (D-R.I.).
Inglis said he and his fellow panelists from the commission “are generally of one mind on this,” referring to the priorities for legislative proposals this year.