How Will the National Cyber Director Work with CISA and Others?
The national cyber director will need to work effectively with other relevant players and agencies in the federal cyber realm, Montgomery and Morgus argue. That includes the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, which also needs a new permanent director.
“This is important not only to establish the national cyber director’s role as the implementer of the president’s national cyber policy, but also to gain a better understanding of where each relevant department and agency currently sits with regard to cyber priorities and capabilities,” they write.
According to the law, the cyber director is to “coordinate” with the attorney general, the federal CIO, the director of the Office of Management and Budget, the director of national intelligence, and the director of CISA in order to streamline “Federal policies and guidelines” and “regulations relating to cybersecurity.”
“The bill does not specify the precise purpose of such ‘streamlining’ efforts, but it does refer in part to existing federal law concerning the information security practices of federal agencies,” Robert Chesney, a law professor at the University of Texas School of Law, writes on the Lawfare blog. “For most government agencies, CISA already performs the role of key overseer of their information security practices.”
The national cyber director is also in charge of efforts to “coordinate and consult with private sector leaders on cybersecurity and emerging technology issues in support of, and in coordination with” the director of CISA, the director of national intelligence and other appropriate federal agencies.
The national cyber director will also likely need to work with Anne Neuberger, the cybersecurity director at the National Security Agency, who will become the first deputy national security adviser for cyber and emerging technology on the National Security Council. How that arrangement will work, exactly, is up in the air.
Chris Painter, who was a State Department cyber coordinator in the Obama administration, tells The Washington Post that “there’s this real open question” about how the two roles will mesh. Painter tells the Post that if the national cyber director is someone who is too offense-minded when it comes to cybersecurity, that might tip the scales too much in favor of offensive cyber operations.
Megan Stifel, executive director for Americas at the nonprofit Global Cyber Alliance, tells the Post that someone who served at CISA or in the Commerce Department could balance the equation in the national cyber director role.
MORE FROM FEDTECH: How will the new administration impact federal IT?