Mike McCormick

Four Cybersecurity Leaders for Biden

Updated: Nov 18


Cybersecurity will be one of Joe Biden’s top priorities when he becomes US president. I believe this will become clear to him when he begins receiving Presidential Daily Briefs (hopefully soon) and learns about ongoing cyber threats to US critical infrastructure, military, and elections.



On Day One Biden must appoint strong people to the US government’s four top cybersecurity jobs:


1. CISA Director (Dept of Homeland Security)

Mission: Defend civilian critical infrastructure against all adversaries

Trump Appointee: Christopher Krebs (fired 11/17/20)

Who Biden should appoint: Christopher Krebs

Top priority: Continue hardening election systems & monitoring election threats


In breaking news as I wrote this blog, President Trump fired CISA director Christopher Krebs after Krebs publicly called the 2020 election “the most secure in American history.” Krebs was referring to cybersecurity of election computers, but taken out of context his comments seemed to contradict Trump’s narrative of massive voter fraud. DHS head Chad Wolf resisted firing Krebs for good reason; Krebs did an outstanding job launching and managing the new CISA agency. Continuity is needed while CISA continues to get its sea legs. Biden should rehire Krebs, with a mandate to continue his election security work.


2. US Cyber Command (Dept of Defense)

Mission: Military cyberwar against foreign adversaries (defense & offense)

Trump Appointee: Paul Nakasone

Who Biden should appoint: Paul Nakasone (till 2022)

Top priority: Separate CYBERCOM from NSA


President Trump also made recent personnel changes at the National Security Agency (NSA), which is headed by Paul Nakasone. In addition to his role as DIRNSA, Nakasone heads the military US Cyber Command (CYBERCOM). Under a “dual hat” arrangement, most NSA employees can also work for CYBERCOM. As I’ve discussed elsewhere, the current dual hat arrangement is controversial. Nonetheless, Nakasone has managed CYBERCOM capably and deserves to continue until his term ends in 2022. At that time, Biden should appoint a new leader who will separate the Siamese twin agencies and stand up the fledgling CYBERCOM on its own two feet.


3. Chief Information Security Officer (Ofc of Mgmt & Budget)

Mission: Secure federal agencies against all adversaries

Trump Appointee: Camilo Sandoval

Who Biden should appoint: Kurt Garbars

Top priority: Bring agencies into compliance with NIST CSF


Federal CISO Camilo Sandoval was appointed by Trump just a month ago and has already taken a leave of absence to work with a private Republican group investigating alleged 2020 voter fraud. Sandoval had no prior security experience and obviously has little interest in the job. Biden should appoint someone nonpartisan with real experience. If Kurt Garbars can be lured out of his retirement in Australia, he’d be a good choice, having served as CISO of the General Services Administration for 17 years under both Democratic and Republican presidents. Whoever Biden appoints should focus on aligning all federal agencies to the NIST Cybersecurity Framework (CSF). Once all agencies are pursuing the same objectives and speaking a common language, herding cats should get a little easier.


4. White House Cybersecurity Coordinator (National Security Council)

Mission: Coordinate cyber policies and priorities, advise POTUS

Trump Appointee: Position eliminated

Who Biden should appoint: Richard Clarke

Top priority: Rebuild coordination across government


The Trump administration eliminated the White House cybersecurity czar early on when John Bolton moved to “streamline” the NSC. (He also eliminated the NSC’s pandemic response office.) The White House needs someone to focus on cyber issues, coordinate the work of other cyber leaders, advocate strategies and policies, and advise the president. Pressure has been building to bring back this important position, perhaps with Senate confirmation.


I had the honor of working with Obama’s cyber czar Howard Schmidt, and saw for myself how impactful the job can be. Sadly, Howard is no longer with us. But Richard Clarke played this role famously under George W. Bush and remains an influential voice on cyber issues. As a Republican, Clarke would be an interesting choice for Biden, demonstrating that competence trumps partisanship. Whoever Biden chooses will have to rebuild the lines of communication and coordination that Bolton dismantled.


The Biden transition team must plan now to fill these vital roles on Day One and set cyber priorities. The American people are watching – and so are our adversaries.

Michael McCormick is an information security consultant, researcher, and founder of Taproot Security.

© 2020 Taproot Security
