President Joe Biden on Monday named two former National Security Agency officials to top cybersecurity positions in his administration, filling vacancies that lawmakers and policy specialists have bemoaned as digital security crises wrack the country.
In a statement, the White House said that Biden would nominate former NSA Deputy Director Chris Inglis to be his national cyber director, choosing a former senior intelligence official to lead a newly created White House office that will guide Biden’s cyber strategy and oversee agencies’ digital security.
The president will also nominate Jen Easterly, a former deputy director of the NSA’s counterterrorism center, to lead the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, which helps defend federal government networks and America’s critical infrastructure facilities, the White House said.
“If confirmed, Chris and Jen will add deep expertise, experience and leadership to our world-class cyber team,” national security adviser Jake Sullivan said. “We are determined to protect America’s networks and to meet the growing challenge posed by our adversaries in cyberspace – and this is the team to do it.”
Inglis and Easterly had both been considered frontrunners for the national cyber director job, while Rob Silvers, a former DHS official, had been considered the leading candidate to take over CISA. Instead, Biden will nominate Silvers to be the under secretary of DHS for policy, a role in which he is expected to focus heavily but not exclusively on cyber issues, two people familiar with the matter said. They requested anonymity to discuss nominations that have not been announced.
Inglis’ and Easterly’s nominations, first reported by The Washington Post, cement the power of the NSA alumni community in Biden’s White House. Anne Neuberger, whom Biden earlier appointed to the new post of deputy national security adviser for cyber and emerging technology, held senior roles at the NSA between 2013 and 2021. Inglis, Easterly and Neuberger overlapped at the spy agency for several years, at a time when the NSA and its military partners were increasingly flexing their muscles in cyberspace.
Neuberger said she looked forward to “working with Chris and Jen to continue building back better to modernize our cyber defenses and enhance the nation’s ability to prevent and respond effectively to cybersecurity incidents.”
A still-undefined post for Inglis
Biden’s selection of Inglis came after the White House spent nearly three months reviewing the best way to create the cyber director role, a congressionally mandated position that some senior administration officials opposed because it would give the Hill more oversight of White House activities.
POLITICO previously reported that Biden aides were reluctant to empower a Senate-confirmed White House official who would be accountable to Congress, despite the growing array of cyber threats that had prompted lawmakers to order the post’s creation last year over the objections of the Trump White House. Concerns also arose about competing power centers after Biden created Neuberger’s position.
But supporters of the national cyber director office say its importance has only grown in recent months as Biden grapples with two major digital security crises: the SolarWinds cyber espionage campaign, in which suspected Russian hackers breached nine federal agencies and roughly 100 companies, and a spate of attacks on tens of thousands of government and corporate Microsoft Exchange servers that began as a Chinese operation but soon became a feeding frenzy for cyber criminals.
Biden appears to have wavered on whom to nominate for the cyber director job almost until the last minute. Inglis’ selection was “a very recent turn of events,” said one person familiar with the matter, who said the White House notified him “within the last week.”
Inglis, a managing director at the investment firm Paladin Capital Group, served as deputy director of the National Security Agency during both the Bush and Obama administrations. He held the post from 2006 to 2014 — a time when tracking nation-state hackers and breaching foreign networks became an increasingly important part of the spy agency’s mission.
If confirmed by the Senate, Inglis will play a major role in defining his new office’s roles and responsibilities. The office, the marquee recommendation of the congressionally chartered Cyberspace Solarium Commission, is supposed to raise the profile of cyber issues inside the White House, quarterback the government’s digital security agenda, provide guidance to agencies and hold their leaders accountable for protecting their networks. It replaces an NSC cyber coordinator position that former President Donald Trump eliminated in 2018. Lawmakers authorized 75 staff for the office, but it remains unfunded.
The national cyber director position would be the first non-military, non-intelligence assignment for Inglis, who joined the Air Force in 1976, briefly taught at the Naval Academy and then spent nearly 30 years at the NSA.
The decisions that Inglis makes will shape the government’s response to cyber threats long after he leaves the position. Key questions about the office’s remit remain unanswered in a White House that was reluctant to create it in the first place. Depending on Inglis’ choices, the office could either turn out to be supremely influential or superfluous — a driver of change or a roadblock for the real power players.
One of Inglis’ biggest challenges will be dividing responsibilities with Neuberger, who has served as the public face of the White House’s cybersecurity efforts since joining the administration.
Inglis’ military background will be a double-edged sword for him. When his name first surfaced as a potential cyber director, it prompted concern among some cyber specialists who said the new office should be led by someone with a history of seeing cyber issues through a civilian lens. On the other hand, Inglis’ NSA career could help him establish the new office’s primacy over not just civilian agencies but also the military and intelligence communities, which are used to their own rules and procedures and may not bend easily to a new White House official.
Inglis’ time at the NSA also armed him with experience dealing with threats from China. While at the agency, he held a senior position in its China office.
As the NSA’s deputy director, Inglis served as its senior-most civilian official and oversaw its day-to-day operations. He was serving as the NSA’s No. 2 official in 2009 when his boss, Gen. Keith Alexander, created and became the commander of U.S. Cyber Command. The unit, originally conceived as a largely defensive force, subsequently morphed into a full-fledged combatant command with more offensive responsibilities. Guiding Cyber Command and reviewing the doctrines that it adopted during the Trump administration will be a major part of Inglis’ new job, as the U.S. seeks ways to impose costs on foreign hackers.
Inglis’ NSA service may also help him work smoothly with Neuberger, who previously led the NSA’s Cybersecurity Directorate and who rose swiftly through the spy agency’s ranks — helping to establish Cyber Command, advising Alexander and leading the NSA’s private-sector engagement arm during the nearly eight years that Inglis oversaw its day-to-day operations.
A daunting task for Easterly
Easterly, who oversees Morgan Stanley’s resilience strategy, was the NSA’s deputy director for counterterrorism from 2011 to 2013. She later served on President Barack Obama’s National Security Council as special assistant to the president and senior director for counterterrorism. During the Obama administration, she, along with Neuberger, helped create the military’s U.S. Cyber Command.
During the transition, Easterly advised Biden aides on how to set up the new cyber director office, which Congress created as part of the Executive Office of the President in a defense policy bill that lawmakers enacted over Trump’s veto.
At CISA, Easterly would replace acting Director Brandon Wales, giving the beleaguered cyber agency a permanent leader for the first time since November, when then-President Trump fired its first chief, Chris Krebs, for publicly debunking his conspiracy theories about the election.
And Easterly would take the post at a critical time, as CISA struggles with SolarWinds and the attacks on Microsoft Exchange servers.
The two crises have compounded CISA’s longstanding woes. The agency’s network monitoring programs are outdated and can’t detect sophisticated modern threats. Its incident response teams are stretched thin as they try to support federal agencies, private companies and local governments grappling with cyber threats.
If confirmed by the Senate, Easterly will face many challenges at the underfunded and overworked CISA, which was established in late 2018 to replace a DHS division that helped defend ports, hospitals and power plants from cyberattacks and dirty bombs.
Lawmakers gave CISA an emergency infusion of $650 million in Biden’s Covid-19 relief bill, and CISA has big plans for spending that money. Managing that process will be one of Easterly’s top jobs.
In the new role, Easterly would have help from Silvers, who held several senior roles at DHS during Obama’s presidency, including deputy chief of staff and assistant secretary for cyber policy. He also co-led the CISA unit inside Biden’s DHS transition team.
Silvers, a partner at the law firm Paul Hastings, is also close with DHS Secretary Alejandro Mayorkas, having served as his senior counselor from 2013 to 2014, when Mayorkas was deputy secretary of homeland security. During that time, he was also a key player in DHS’ responses to digital security crises.
Natasha Bertrand contributed to this report.