Weeks after Shocking GAO Report, CISA Looks to Address Outstanding Personnel and Organizational Issues
President Joe Biden has finally presented a nominee to be the next director of the Cybersecurity and Infrastructure Security Agency. The candidate, Jen Easterly, is a former senior counterterrorism and cybersecurity official that worked at the National Security Agency. Additionally, Chris Inglis, who previously served as NSA deputy director, is expected to be nominated to the post of national cyber director nominee, according to The Wall Street Journal.
Easterly worked at the NSA for more over three years under President Obama’s administration, during a time when the country was facing constant cyber-attacks from foreign adversaries. A 2015 report from NBC news that cited a secret NSA map, listed at least “600 corporate, private or government victims of Chinese Cyber Espionage that were attacked over a five-year period.” These attacks targeted high profile targets including victims in “all sectors of the U.S economy, including major firms like Google and Lockheed Martin, as well as the U.S. government and military,” according to NBC.
Inglis, whose service at the NSA overlapped with Easterly’s, would be the first individual to hold the newly created national cyber director post. The position was just created this January within the Executive Office of the President as part of annual defense policy spending.
The position of national cyber director will be responsible for coordinating the US government’s cybersecurity efforts at the federal level. In addition to these two major personnel moves, President Biden is rumored to be close to choosing Rob Silvers, a partner at the international law firm Paul Hastings, as DHS undersecretary for policy. He focused on cybersecurity and privacy issues while serving the law firm.
These moves come a little more than a month after the release of a Government Accountability Office (GAO) report that pointed out the many deficiencies currently hindering efforts at CISA. According to the report, 57 planned tasks were incomplete as of mid-February of this year. GAO also recommended that CISA set new “expected completion dates” for over 40 tasks that are already past their planned deadlines and prioritize ones that are deemed “mission-critical.”
The report also said that until the DHS subdivision “establishes updated milestones and an overall deadline for its efforts, and expeditiously carries out these plans, CISA will be hindered in meeting the goals of its organizational transformation initiative.”
“This in turn may impair the agency’s ability to identify and respond to incidents, such as the cyberattack discovered in December 2020 that caused widespread damage.”
CISA organizational and personnel changes, especially at the top, were to be expected as one of former President Trump’s last executive appointments, Brandon Wales, was seen mostly as a placeholder for Joe Biden’s eventual nominee.
New appointments Easterly and Inglis, if confirmed, instantaneously walk into a very difficult situation as major cyber events including the widely reported SolarWinds hack, new attacks perpetrated by the Chinese hacking group Hafnium against Microsoft’s Exchange Server software, and Advanced Persistent Threat attacks that targeted security software Fortinet FortiOS, have been able to compromise at least nine major federal agencies in addition to countless entities in the private sector.
Hopefully, these new changes can help to improve communication between the government and several critical segments the private sector, as the GAO report also concluded that a number of government and industry partners spanning 16 infrastructure sectors that included, financial institutions, telecommunications, and energy, told the GAO they had been presented with challenges in coordinating with CISA in the past.
Weeks after Shocking GAO Report, CISA Looks to Address Outstanding Personnel and Organizational Issues Written by Julio Rivera is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by websites including Newsmax, Townhall, American Thinker and BizPacReview.