It has been an important week for Cyber Security in the United States with several key announcements from President Biden and his administration on funding and appointments as well as a response to the Solar Winds attack. We take a look at the key developments.
On Monday 12th April, the Biden Administration nominated former NSA deputy director Chris Inglis for the newly created position of National Cyber Director. The role was established last year by Congress and will involve the coordination of cyber defences with cyberoperations and the military as part of the overall US cyber strategy. Chris Inglis is still to be confirmed by the Senate but he comes with a strong reputation and considerable respect amongst his peers for his professionalism, technical expertise, operational experience and diplomacy. He has a reputation for building collaborative relationships at a strategic level which will be essential in building cross-department cooperation. He will be the first incumbent in the role.
The second nomination announced was that of Jen Easterly as Director of the Cybersecurity and Infrastructure Security Agency within the Department for Homeland Security. The choice of Easterly has also received praise from Congress given her previous experience in NSA.
These nominations are a significant move by the Administration to stamp its authority on cyber security, given criticism of a perceived initial low-key response to the recent Microsoft Exchange breach. This breach, attributed to the Hafnium hacking group linked to the Chinese intelligence services, and the SolarWinds compromise, carried out by hackers linked to the Russia’s Foreign Intelligence Service (the SVR), will ensure that Inglis and Easterly have a full in-tray when they take up their appointments.
The growing cyber threat the US faces could have been a significant factor in the boost in the cybersecurity budget announced on Friday 9th April. An extra $110 million has been requested creating a total pot of $2.1 billion to improve ‘federal cybersecurity across government’. This increase in budget would confirm the Administration’s commitment not only to improve federal information security standards but also to assist State and local government, with $20 million set aside for a new Cyber Response and Recovery Fund.