The Biden administration has finally chosen a nominee to lead the Cybersecurity and Infrastructure Security Agency. Jen Easterly, who is a former counterterrorism and cybersecurity official at the National Security Agency, will now advance to the hearing phase. The Biden administration also tapped Chris Inglis, who was previously the NSA's deputy director, for the post of national cyber director nominee, according to The Wall Street Journal.
New Personnel At CISA Will Inherit a Dangerous Cyber Landscape
Easterly formerly was at the NSA under the Obama’s administration, for a period when America faced constant hacking attacks from foreign belligerents. A report from NBC news in 2015 cited a secret NSA map that noted around “600 corporate, private or government victims of Chinese Cyber Espionage that were attacked over a five-year period.” These intrusions affected high profile entities that operated in “all sectors of the U.S economy, including major firms like Google and Lockheed Martin, as well as the U.S. government and military,” according to the NBC report.
Inglis, if confirmed, will be the first ever national cyber director. The newly created position was born out of annual defense policy spending. The national cyber director will be in charge of coordinating US cybersecurity efforts at the federal government level.
These major personnel moves come in the wake of the release of a Government Accountability Office (GAO) report that tweaked deficiencies currently stifling efforts at CISA. The report concluded that over 50 planned tasks were incomplete as of mid-February of 2021. According to the report, “This in turn may impair the agency’s ability to identify and respond to incidents, such as the cyberattack discovered in December 2020 that caused widespread damage.”
Changes at CISA were expected, with one of President Trump’s last executive appointments, Brandon Wales, still at the top of the agency. The new appointments, Easterly and Inglis, if eventually confirmed, enter a tough situation with major cyber events that include the SolarWinds hack, attacks carried out by Chinese hacking group Hafnium against Microsoft’s Exchange Server software, and Advanced Persistent Threat or APT attacks targeting security software Fortinet FortiOS, all grabbing headlines in recent months.