Biden hires ‘world class’ cybersecurity team after massive hack
US intelligence agencies attributed the hack to Russian state actors, but Moscow has denied any involvement.
President Joe Biden is hiring a group of national security veterans with deep cyber expertise, drawing praise from former defence officials and investigators as the United States government works to recover from one of the biggest hacks of its agencies attributed to Russian spies.
“It is great to see the priority that the new administration is giving to cyber,” said Suzanne Spaulding, director of the Defending Democratic Institutions project at the Center for Strategic and International Studies.
Cybersecurity was demoted as a policy field under the administration of former US President Donald Trump. It discontinued the cybersecurity coordinator position at the White House, shrunk the State Department’s cyber diplomacy wing, and fired federal cybersecurity leader Chris Krebs in the aftermath of Trump’s November 3 election defeat.
Disclosed in December, the hack struck eight federal agencies and numerous companies, including software provider SolarWinds Corp. US intelligence agencies publicly attributed it to Russian state actors. Moscow has denied involvement in the hack.
Under a recent law, Biden must open a cyber-focused office reporting to a new national cyber director, who will coordinate the federal government’s vast cyber capabilities, said Mark Montgomery, a former congressional staffer who helped design the role.
The leading candidate for cyber director is Jen Easterly, a former high-ranking National Security Agency official, according to four people familiar with the selection process.
Now head of resilience at Morgan Stanley, Easterly held several senior intelligence posts in the administration of President Barack Obama and helped create US Cyber Command, the country’s top cyber warfare unit.
The Biden administration “has appointed world-class cybersecurity experts to leadership positions,” Microsoft corporate Vice President Tom Burt said in a statement.
Some observers worry, however, that the collective group’s experience is almost entirely in the public sector, said one former official and an industry analyst who requested anonymity. The distinction is important because the vast majority of US internet infrastructure is owned and operated by US corporations.
“Finding a good balance with both government and commercial experience will be critical to success,” said Amit Yoran, the former cybersecurity director for the US Department of Homeland Security (DHS) and now chief executive of security company Tenable Inc.
To replace Krebs at DHS, Biden plans to nominate Rob Silvers, who also worked in the Obama administration, to become director of the Cybersecurity and Infrastructure Security Agency, according to four people briefed on the matter.
Biden’s National Security Council (NSC), an arm of the White House that guides an administration’s security priorities, includes five experienced cybersecurity officials.
Leading the hires is National Security Agency senior official Anne Neuberger as deputy national security adviser for cyber and emerging technology, a new position designed to elevate the subject internally.
“The United States remains woefully unprepared for 21st-century security threats,” said Philip Reiner, chief executive of the Institute for Security and Technology. “The establishment and prioritisation of a DNSA for cyber and emerging tech on the NSC indicates the seriousness the Biden administration will afford to addressing these challenges.”
Neuberger became one of the most visible figures at NSA in recent years after leading the spy agency’s cyber defence wing, drawing praise for quickly alerting companies to hacking techniques in use by other countries.
The other four hires are Michael Sulmeyer as senior director for cyber, Elizabeth Sherwood-Randall as homeland security adviser, Russ Travers as deputy homeland security adviser and Caitlin Durkovich as senior director for resilience and response at the NSC.
All four previously served in senior national security posts that dealt with cybersecurity.