White House Urged to Quickly Nominate National Cyber Director

In a letter addressed to the White House Chief of Staff, the Cybersecurity Coalition urged the Biden administration to nominate a new National Cyber Director (NCD) before the end of July.

The missive cited concerns over the "ever-changing and increasingly complex cyber landscape" as the driving force behind ensuring the role was filled quickly.

The letter noted the nomination of the position presents a "critical opportunity" for the administration to cement the significance of the Office of the National Cyber Director (ONCD), which was established under the guidance of Chris Inglis, the former director.

"Therefore, we urge you to promptly send a nomination to the Senate, and advocate for an expedited confirmation process to avoid the inevitable delays in nominations as an election nears," the letter stated.

Long-time NSA exec and cyber specialist Inglis retired in February after nearly 30 years working at federal agencies. He was unanimously confirmed in 2021 as Biden's top adviser in all things cybersecurity.

The signatories raised the concern that the delay in nominating a candidate for the role could impede the work accomplished under Inglis, hinder the implementation of the National Cyber Strategy, and jeopardize the effectiveness of ONCD.

The letter was co-signed the software alliance BSA, the Information Technology Industry Council, the Center for Cybersecurity Policy and Law, and the Better Identity Coalition.

Policy Letter Lobbies for Cybersecurity EO

The statement also lobbies for an executive order (EO) to clarify the roles and responsibilities of key cybersecurity entities, such as the ONCD, NSC, CISA, OMB, NIST, and other relevant organizations.

"Congress’s decision to make this a Senate-confirmed position has created potential overlaps, making such a clarification necessary," the letter noted.

Such an EO is seen by the signatories as essential to prevent confusion and publicly establish the cybersecurity-oriented functions of these entities.

"The way these issues are handled will define the Biden Administration’s lasting impact on cybersecurity policy and can demonstrate a comprehensive whole-of-government cybersecurity approach," the letter concluded.

White House, Federal Agencies Focus on Cybersecurity

Among the key efforts of the administration to date to boost cybersecurity include President Biden's EO 14028 from May 2021, which mandated new security requirements for critical infrastructure organizations.

Other measures include the National Security Memorandum 5, targeted specifically at critical infrastructure control systems, efforts to establish zero-trust cybersecurity models in federal agencies under M-22-09, the Cyber Incident Reporting for Critical Infrastructure Act, and the cybersecurity provisions in the Bipartisan Infrastructure bill.

However, US critical infrastructure is still not ready for ransomware, despite EO 14028 having been signed by President Biden just days after the Colonial Pipeline attack.

BlackFog's "State of Ransomware Report" from April indicated ransomware attacks on healthcare, government, and the critical infrastructure sector are continuing to grow, despite other vendor reports of a slowdown in attack volumes.

Meanwhile, the FBI is requesting more than $63 million in new funding to fight cyber threats in 2024, including an additional 192 positions — 31 special agents, eight intelligence analysts, and 153 other staff — plus $63.4 million "to enhance cyber information-sharing abilities and increase cyber tools and capacities."