Biden pick for cyber director uncertain if government’s cyber strategy works

President Biden’s pick for America’s first national cyber director is not sure that the federal government has a unifying cyber strategy.

John C. Inglis, the nominee for the new position, told senators Thursday that if he is confirmed, his first question would be whether the government’s cyber structure works.

“We have some deep and sharp strengths, we have strength in places like [Cybersecurity and Infrastructure Security Agency], the FBI, the national agencies who do intelligence and [General Services Administration], but it’s not entirely clear that they’re coherent; that we have achieved unity of purpose; that they’re all operating according to a single strategy that would connect that diversity such that it becomes a strength,” Mr. Inglis said at a Senate confirmation hearing. “I think that we can and should become greater than the sum of our parts, I’m not sure that we’re yet there.”

Mr. Inglis testified alongside Jen Easterly, Mr. Biden’s pick to run the Cybersecurity and Infrastructure Security Agency (CISA). Together, they would be tasked with developing a national cyber strategy amid a plague of cyberattacks hitting critical infrastructure and hacks corrupting federal networks. Mr. Inglis and Ms. Easterly previously served in the National Security Agency.

Precisely what Mr. Inglis and Ms. Easterly are going to do if confirmed is still a matter of debate. Sen. Angus King, Maine independent who caucuses with Democrats, told his colleagues the nominees would oversee conflict in the cyber domain wherever it arises — on Wall Street, at a pipeline company or in a water services utility anywhere in America.

Mr. King introduced Mr. Inglis to the Senate Homeland Security and Governmental Affairs Committee and urged the lawmakers to “reimagine conflict.”

“America is under attack, we’re under attack today, and this is one of the most serious conflicts, one of the most serious challenges that this country has faced in the post-World War II period,” Mr. King said. “The two positions that we’re really talking about today are the equivalent of the secretary of defense and the head of the joint chiefs of staff. These are people who will be charged with defending this country in what is an ongoing and serious conflict.”

The nominees opted for more benign descriptions, with Ms. Easterly casting herself as a quarterback and Mr. Inglis as her head coach. Mr. Inglis said he would oversee budgets, policy and planning, while Ms. Easterly said she would focus on getting CISA the personnel, authority, and budget it needed to ensure the agency had the ability to protect the federal government.

Upon arrival, the new federal cyber officials will find growing sums of taxpayer cash at their disposal. As cyberattacks and hacks affecting the country and government have multiplied, so has taxpayer spending on cybersecurity. CISA received $650 million as part of a COVID-19 relief package passed earlier this year, and a bipartisan duo of Reps. Jim Langevin, Rhode Island Democrat, and Mike Gallagher, Wisconsin Republican, have pushed for CISA to receive $400 million more straight away.

The installation of Mr. Inglis and Ms. Easterly in the federal government’s top cyber posts would also serve as a triumph of the Cyberspace Solarium Commission, which has pursued overhauling national cyber policy in a manner modeled on the Eisenhower administration’s secret Project Solarium study that considered options for confronting the Soviet Union in the Cold War.

Mr. King and Mr. Gallagher co-chaired the commission while Mr. Inglis served as a commissioner and Ms. Easterly participated on the commission’s “red team” that provided input on the development of a cyber deterrence strategy. Mr. King and Mr. Gallagher vouched for Mr. Inglis and Ms. Easterly’s nominations.

Congress created the commission in a 2018 defense bill and the commission touts having codified 25 of its recommendations into law. The commission successfully got the federal government to adopt all of its recommendations for the Department of Defense but had less success across other federal agencies, said Mark Montgomery, Cyberspace Solarium Commission executive director, on Steptoe & Johnson’s Cyberlaw Podcast published in April.

Mr. Montgomery said the commission officially ends on December 31, 2021, but Mr. Inglis and Ms. Easterly’s presence in the government may help ensure that the remaining agenda of the Cyberspace Solarium Commission outlasts that deadline.