"It is great to see the priority that the new
administration is giving to cyber," said Suzanne Spaulding, director of
the Defending Democratic Institutions project at the Center for Strategic and
International Studies.
Cybersecurity was demoted as a policy field under the Trump
administration. It discontinued the Cybersecurity Coordinator position at the
White House, shrunk the State Department's cyber diplomacy wing, and fired
federal cybersecurity leader Chris Krebs in the aftermath of Donald Trump's Nov.
3 election defeat.
Disclosed in December, the hack struck eight federal
agencies and numerous companies, including software provider SolarWinds Corp.
U.S. intelligence agencies publicly attributed it to Russian state actors.
Moscow has denied involvement in the hack.
Under a recent law, Biden must open a cyber-focused office
reporting to a new National Cyber Director, who will coordinate the federal
government's vast cyber capabilities, said Mark Montgomery, a former
congressional staffer who helped design the role.
The leading candidate for Cyber Director is Jen Easterly, a
former high ranking National Security Agency official, according to four people
familiar with the selection process.
Now head of resilience at Morgan Stanley, Easterly held
several senior intelligence posts in the Obama administration and helped create
U.S. Cyber Command, the country's top cyber warfare unit.
Easterly did not respond to requests for comment.
The Biden administration "has appointed world-class
cybersecurity experts to leadership positions," Microsoft corporate Vice
President Tom Burt said in a statement.
Some observers worry, however, that the collective group's
experience is almost entirely in the public sector, said one former official
and an industry analyst who requested anonymity. The distinction is important
because the vast majority of U.S. internet infrastructure is owned and operated
by American corporations.
"Finding a good balance with both government and
commercial experience will be critical to success," said former DHS
Cybersecurity director Amit Yoran, now chief executive of security company
Tenable Inc.
To replace Krebs at the Homeland Security Department, Biden
plans to nominate Rob Silvers, who also worked in the Obama administration, to
become director of the Cybersecurity Infrastructure Security Agency, according
to four people briefed on the matter. Silvers declined to comment for this
article.
Biden's National Security Council, an arm of the White House
that guides an administration's security priorities, includes five experienced
cybersecurity officials.
Leading the hires is National Security Agency senior
official Anne Neuberger as Deputy National Security Adviser for cyber and
emerging technology, a new position designed to elevate the subject internally.
"The United States remains woefully unprepared for 21st
century security threats - the establishment and prioritization of a DNSA for
Cyber and Emerging Tech on the NSC indicates the seriousness the Biden
Administration will afford to addressing these challenges," said Phil
Reiner, chief executive of the Institute for Security and Technology.
Neuberger became one of the most visible figures at NSA in
recent years after leading the spy agency's cyber defense wing, drawing praise
for quickly alerting companies to hacking techniques in use by other countries.
The other four hires are Michael Sulmeyer as senior director
for cyber, Elizabeth Sherwood-Randall as Homeland security adviser, Russ
Travers as deputy homeland security adviser and Caitlin Durkovich as senior
director for resilience and response at the NSC.
All four previously served in senior national security posts
that dealt with cybersecurity.