President Biden and his administration have hit the ground running on cybersecurity during his first week in office, with a particular emphasis on addressing the recent Russian hack that hit the federal government and major U.S. companies.
Experts are calling the focus on cyber issues — and Biden’s efforts to quickly fill key roles and push back against foreign adversaries — a breath of fresh air after four years of the Trump administration.
“Certainly all of the action, and the substantive nature of the action, represents that they’ve put cybersecurity as a priority, which they had said in the transition, but they are putting their money where their mouth is and moving forward on it,” said Kiersten Todt, former executive director of a cybersecurity commission under former President Obama who’s now managing director of the Cyber Readiness Institute.
Administration officials have been forced to immediately confront cybersecurity due to the Russian hacking operation against the IT group SolarWinds, a company that counted much of the federal government and U.S. Fortune 500 companies among its customers.
During his first week in office, Biden took action to get his arms around the cyberattack, which counts the Treasury, Justice and Commerce departments among its victims. Biden ordered the intelligence community to conduct an assessment of the hack, and he raised it Tuesday during his first conversation as president with Russian President Vladimir Putin.
Biden pledged before taking office that he would take a strong stance against Russia and any other foreign nations who attempted to interfere with the U.S. in cyberspace, vowing in December to make cybersecurity an “imperative.”
He took steps toward delivering on that pledge by including more than $10 billion in cybersecurity and IT funds to boost federal cybersecurity efforts in his $1.9 trillion COVID-19 relief proposal. Whether those provisions remain in the bill is unclear, as Biden has indicated he’s open to negotiation on the package.
Beyond Cabinet picks such as newly confirmed Director of National Intelligence Avril Haines and Homeland Security secretary nominee Alejandro Mayorkas, who said during her confirmation hearing that cybersecurity is a “priority,” Biden has also moved swiftly to fill other roles.
The White House announced last week that Anne Neuberger, the director of the National Security Agency’s Cybersecurity Directorate, will fill the new position of deputy national security adviser for cyber and emerging technology on the National Security Council.
The administration also selected former Biden campaign chief information security officer Chris DeRusha as federal CISO and former NSA official Michael Sulmeyer to serve as senior director for cyber on the National Security Council.
And according to Reuters, Biden is eying Jen Easterly, another former NSA official, to serve in the newly created cyber czar role.
“The Biden Administration’s rapid steps to fill cyber positions demonstrate that cybersecurity will be a priority for this administration,” said Michael Daniel, former cybersecurity coordinator under former President Obama who’s now head of the Cyber Threat Alliance.
Theresa Payton, White House chief information officer under former President George W. Bush, also applauded the new hires.
“I say bravo, because what’s wonderful is regardless of who the administration is and the political appointees in charge of these groups, there are dedicated men and women running the operations day to day,” said Payton, who serves as CEO of cyber consultancy group Fortalice Solutions. “The sooner the better to get seasoned leadership in place to understand what’s working well.”
Biden’s efforts to address cybersecurity in his first week stand in contrast to the Trump administration, which was widely criticized for eliminating both the cybersecurity coordinator position at the White House and the State Department’s cyber office, though a new cyber and emerging technology bureau was established prior to former President Trump leaving office.
While Trump officials, including former Secretary of State Mike Pompeo and former Attorney General William Barr, cited Russia as behind the SolarWinds attack, Trump only addressed the incident once in a tweet, and tried to shift the blame to China.
“Obviously this is a significant improvement over the Trump administration’s policy to eliminate the cybersecurity coordinator, but that’s a low bar to jump over. The higher bar, which they are striving for, is by having these experienced professionals who have a good understanding that public-private collaboration is critical to success,” said Mark Montgomery, a senior fellow at the Foundation for Defense of Democracies.
But even with his early moves, Biden is under pressure to go further, particularly on Chinese technology issues, an area of intense focus during the Trump administration.
White House press secretary Jen Psaki on Monday stressed that while Biden planned to “hold China accountable” on technology-related issues, no formal decisions about the administration’s stance on companies such as Huawei and TikTok’s parent company ByteDance had been made.
Commerce Secretary nominee Gina Raimondo refused to commit during her confirmation hearing Tuesday on whether the agency would keep Huawei blacklisted if she was confirmed.
“I worry a little about having the same attention to detail with China,” Montgomery said. “China represents, as they do in many security areas, the more long-term threat, but as long as we are consistent in applying this to Russia, China, Iran, and North Korea, I think we will be in a good position.”
Beyond China, Daniel recommended that Biden keep up a continued focus on the SolarWinds incident, the cyber czar office, and strengthening federal cybersecurity capabilities in the first 100 days.
“The Biden administration should focus on building on the successes of the past four administrations,” Daniel said. “It should resist the temptation to review previous policy decisions around roles and missions.”