Cybersecurity

Lawmakers, experts fear key cyber vacancy leaves US vulnerable to attacks

White House National Cyber Director Chris Inglis speaks at the Council of Foreign Relations on April 20, 2022 in Washington, D.C.

Lawmakers and security experts are growing concerned over the Biden administration’s delay to nominate a permanent leader for a high-level cyber position amid a rise in cyberattacks. 

President Biden has yet to nominate a replacement for former National Cyber Director Chris Inglis, who resigned earlier this year. The expected departure of Gen. Paul Nakasone, the head of the National Security Agency (NSA) and U.S. Cyber Command, has deepened fears among top cyber policymakers.

Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.), sent a letter to President Biden urging him to nominate a new national cyber director as cyberattacks have increased and continue to be a significant threat to the nation.

In the letter, the lawmakers said they were “extremely concerned” the continued delay to fill the position could “hinder the implementation” of the national cyber strategy, which was released recently.

Gallagher further said in a statement to The Hill that “The White House is moving unacceptably slow to nominate a new National Cyber Director.”

The strategy, which was released in March, provided steps the administration will take to protect the nation’s cybersecurity ecosystem. It outlined several key pillars it will focus on, including defending critical infrastructure from cyberattacks, disrupting and dismantling cybercriminals, and forging international partnerships. 

“As the only position tasked with delivering and moving forward a National Cyber Strategy, each day the position goes unfilled is a day wasted towards achieving this mission,” Gallagher said.

Nakasone, who was appointed to lead both agencies in 2018, is looking to leave by August or September, a source told The Wall Street Journal.

Potential dual vacancies add pressure to Biden

U.S. Cyber Command Director Gen. Paul Nakasone speaks during a Senate Armed Services Committee hearing to discuss the fiscal 2024 budget request for the Future Years Defense Program on March 7. (The Hill).

“This problem becomes even more alarming if they allow General Nakasone’s position to go unfilled for a similar duration,” Gallagher told The Hill.

“The administration needs to move with urgency to ensure these critical positions are filled,” he added. 

Sen. King told Washington Post’s Tim Starks the two vacancies combined could become an issue. “If you add Nakasone to an empty national cyber director, it’s a big gap,” he said.

In a statement to The Hill, King said Nakasone’s expected departure “will be a significant loss” and hopes the administration “can find a good replacement for the vitally important national security role.”

Emil Sayegh, president and CEO of data security firm Ntirety, agreed with the lawmakers that the administration should quickly find the right candidate for this position. He said with cyber threats on the rise, there’s a need for quick and coordinated responses within the federal government. 

“When there’s a vacancy of a federal office that’s responsible for overseeing cybersecurity efforts, there could be disjointed efforts and disjointed initiatives underneath that could slow down reaction to threats,” Sayegh said. 

Is the US more vulnerable to cyberattacks?

Sayegh said a vacancy for such a key cyber position could open the country to threats from cybercriminals and U.S. adversaries — who are constantly on the hunt for opportunities to strike, especially when it appears there is a lack of direction or oversight.

“They always look for a vacancy, for instability, for change, for somebody to kind of take their eye off the ball,” he said. 

“And certainly right now, at least at the leadership level, we have a vacancy and about to have another vacancy,” he added. 

Sayegh also said it could also be perceived that not having a permanent seat signals cybersecurity is not a priority for the administration, which, he said, is not the case. 

“Whether it’s on purpose or not on purpose, it sends the wrong message internally and externally to our people as well as to our adversaries,” he added.

Finding the right candidate

Cyrus Walker, the founder and managing principal at cybersecurity firm Data Defenders, said while it’s important to fill the vacancy, the administration should focus on finding the right candidate for the job, including someone who will know how to effectively implement cyber policies, liaise with the president and coordinate with other federal agencies. 

He added that a vacancy doesn’t mean cyber operations are paused or the country isn’t protected from cyber threats, it just means it’s running without permanent leadership.

“I wouldn’t necessarily sound the alarm bell to say that the country is in dire straits because these two key positions are either vacant or going to be vacant,” Walker said. 

“But it is important to have leadership in place to ensure that operations can continue to move forward,” he added.

Walker said the candidate for this position will need to guide the president and facilitate decision-making to ensure cyber policies and operations are implemented smoothly and continue to evolve amid the growing threats of cyberattacks. 

“There’s always a high level of comfort that’s established when you have a sense of permanency both for the organization and for the leader being appointed to drive this forward,” he said.