Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

06:20 PM
Connect Directly

Cybersecurity in the Biden Administration: Experts Weigh In

Security pros and former government employees share their expectations and concerns for the new administration - and their hope for a "return to normal."

President-elect Joe Biden's transition team has recently been announcing appointments for the incoming administration. As the country learns who will lead it next, cybersecurity experts are speculating how the appointees will approach protecting the United States from cyberthreats.

Related Content:

Inside North Korea's Rapid Evolution to Cyber Superpower

The Changing Face of Threat Intelligence

New on The Edge: Loyal Employee ... or Cybercriminal Accomplice?

"I think you'll finally see cyber and cybersecurity issues become a true national security, economic security, and diplomatic priority," said Chris Painter, president of the Global Forum on Cyber Expertise Foundation and former government cybersecurity official, in a panel today on the Biden cyber agenda hosted by the Institute for Security + Technology. "We've been moving toward that. I think it'll finally get there, and it won't take a 'cyber 9/11,' 'cyber Pearl Harbor' … that people have been predicting for years. I think we're finally at that level of maturity."

Painter expects the return to cybersecurity being treated as a "real bipartisan issue," a thought echoed by others on the panel as a necessary change.

"I think we'll see a multilevel, multilateral, all-hands-on-deck kind of plan we haven't seen before," said Kemba Walden, attorney in Microsoft's Digital Security Unit and former attorney and adviser for cybersecurity at the Department of Homeland Security. A new administration brings opportunities to work with the private sector and law enforcement on key issues.

While many positions remain open, Painter noted most high-level roles have so far been filled by people who have experience with cybersecurity issues. Historically, most appointees who come in at a high level have little to no background in information security. He pointed to Antony Blinken, the appointed secretary of state, Jake Sullivan, the next national security adviser, Biden, and vice president Kamala Harris as examples of incoming officials who have previously handled cybersecurity matters. 

"This is really different, having a crew come in who understand these issues at some level," he said. Cybersecurity will not be their first priority, and each appointee will have other responsibilities to handle, but it will be something that most have dealt with in the past – something Painter called "a real seed change."

Of course, key cybersecurity roles have yet to be filled. Mieke Eoyang, senior vice president for the national security program at Third Way, anticipates the Biden administration will be keen to bring in experts from the private sector who have experience in the industry. Many are curious who will lead the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), after the recent firing of former director Chris Krebs.

"CISA has to be part of the solution," said Eoyang, adding the agency has become the "go-to" place in government for cybersecurity issues. She anticipates the credibility CISA has built up over the years will put its officials in a position to facilitate conversations among the FBI, NSA, and other branches of government when it comes to key cybersecurity issues. 

Walden anticipates DHS will become "even more of a central agency" than it has in the past, noting that "Krebs did a great job bringing CISA to the forefront."

Rebuilding Partnerships: Public, Private, International
All three panelists stressed the importance of collaboration – with the private sector, with law enforcement, and with other nations – for battling security threats. 

A challenge in the public-private partnership is there is no single place where businesses can communicate with the government, said Walden. She explained the need for an office where organizations can communicate once and their message is shared across government in a productive way. As someone with experience in both sectors, she hopes the Biden administration "doubles down" on information sharing.

"I think that's the only way we're going to be able to drive up the cost of cyberattacks on critical infrastructure – if there is a robust, constant partnership between the private sector and the government," Walden said.

Adversaries won't hit key targets in an obvious way, she noted. "They'll go around, they'll go under, they'll go through to get at our critical infrastructure," she said. 

Walden said that Microsoft is hoping to broaden government engagement for tackling cyberthreats like ransomware, which panelists agreed is a key area of concern among the public and private sectors. What's unique about ransomware is there isn't a specific infrastructure, Walden explained. The trick with ransomware is to focus on the payment distribution system and bring it down– an area where public and private organizations could collaborate.

Information sharing could also improve partnerships with law enforcement, Eoyang said. In trying to put together metrics for how cybercrime is being address, Third Way noticed the numbers are crude: It has self-reported incident data and number of arrests, but no intel on how those two are linked together or how many arrests are linked to specific incidents. Law enforcement has an opportunity to measure what's happening, she explained.

"That's a data challenge I think we're going to have to wrestle with as we go forward, but we know that the crime scales," she said. "We have to do a better job of information sharing."

She also hopes the incoming administration will recognize the need for, and benefit of, working more closely both with law enforcement and the private sector for fighting cybercriminals.

Painter explained the need for greater collaboration with other nations, noting cybercriminals often route their attacks through other countries.

"We need to have those partnerships, and we need to have that capacity building," he said.

This will drive much-needed accountability and consequences for attackers.

"One of the approaches I'd like to see in the Biden administration is encouraging international cybernorms – maybe even encouraging at some point a cyber doctrine or treaty that will govern the use of cyber measures across countries, across companies," Walden said.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-17
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prior to 5.3.2. When an application defines multiple firewalls, the token authenticated by one of the fir...
PUBLISHED: 2021-06-17
In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page it could allow for a complete takeover of the router.
PUBLISHED: 2021-06-17
In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command.
PUBLISHED: 2021-06-17
Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version 3.15.1.
PUBLISHED: 2021-06-17
Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the sharing flow and choose t...