White House cyber chief backs new federal bureau to track threats
National Cyber Director Chris Inglis on Monday made the case for establishing an office within the Department of Homeland Security (DHS) to track and analyze cybersecurity incidents in order to ensure the nation has an early warning system to understand adversary efforts to target U.S. organizations.
Inglis, who was unanimously confirmed by the Senate as the nation’s first White House national cyber director in June, pushed for the establishment of a Bureau of Cyber Statistics within DHS as a means to help tackle the increasing number of major cyberattacks over the past year.
“Unless we can kind of ride across the boundaries that jurisdictionally divide us, we’re not going to find out the trends until they afflict all of us, and we therefore have to appeal to a collection of that data by something, somehow so that we can get our arms around this,” Inglis said during a virtual event hosted by the Atlantic Council on Monday.
The idea for the new office was first floated by the Cyberspace Solarium Commission (CSC), a congressionally established organization made up of members of Congress, federal officials and industry leaders which produced a report last year on ways to defend the U.S. in cyberspace. The CSC originally recommended the establishment of the bureau at the Department of Commerce.
Inglis, who is a CSC commissioner, said that the proposed bureau would be tasked with collecting, analyzing, and publishing information on cybersecurity threats collected from organizations that respond to cybersecurity incidents or that offer cybersecurity insurance. These groups would be required to report incidents to the bureau every 180 days.
“To properly address risk, we have to first understand it, we have to understand where it’s concentrated, where it cascades, what causes it, and more importantly to then discover how to address it,” Inglis said. “The Bureau of Cyber Statistics can do just that.”
Inglis stressed that while the Biden administration has not yet formally endorsed the idea of establishing the office, it was under consideration.
“I think all would agree that in the absence of this information, we are going to be episodic, we are going to be uneven, and perhaps less than optimal in our response to any of these threats which reflect all of us in kind,” Inglis said.
The creation of the bureau has bipartisan support. Sen. Angus King (I-Maine), the co-chair of the CSC, along with CSC members Sens. Ben Sasse (R-Neb.) and Mike Rounds (R-S.D.) last week introduced legislation aimed at protecting critical infrastructure against cyberattacks, including through establishing a Bureau of Cyber Statistics at DHS.
Inglis previously served as deputy director of the National Security Agency (NSA) under both former Presidents George W. Bush and Obama. He took over the national cyber director role in the wake of multiple major cybersecurity incidents that forced the Biden administration to make strengthening the nation’s cybersecurity an early priority.
These included the SolarWinds hack, discovered in December, which involved Russian-government backed hackers compromising nine federal agencies for much of last year, and debilitating ransomware attacks on Colonial Pipeline and meat producer JBS USA.
The national cyber director position was established as part of the most recent National Defense Authorization Act, just over two years after the White House cybersecurity coordinator position was eliminated under the Trump administration, raising bipartisan concerns about federal cyber leadership.
Inglis will work closely with Anne Neuberger, President Biden’s deputy national security advisor for Cyber and Emerging Technology, and with Jen Easterly, the newly confirmed director of the Cybersecurity and Information Security Agency at DHS.
He noted that he had already spoken with both Neuberger and Easterly on Monday before the Atlantic Council event, and that he hoped to “align” his priorities with theirs. These include better use of federal funds to tackle cybersecurity threats, better coordinating work between agencies, and enhancing public-private partnerships.
“What I describe is not meant to be independent or a stovepipe amidst all of this, but rather something that compliments the players that are already in this space,” Inglis said of his goals for the national cyber position.
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.