Busy agenda for the newly appointed cyber director at the national level
Sean Cairncross, the third Senate-confirmed National Cyber Director (NCD), has stepped into his role at a critical time for U.S. cybersecurity. With the Cybersecurity Information Sharing Act of 2015 (CISA 2015) set to expire on September 30, and deep concerns about China-linked hacks of U.S. critical infrastructure, Cairncross has a daunting task ahead.
Established under the Biden administration in 2021, the Office of the National Cyber Director (ONCD) serves as a central authority for cyber strategy, planning, coordination, and response at the federal level. The role of the NCD is to advise the President on cybersecurity policy and strategy, coordinate cybersecurity efforts across federal agencies, and develop national cyber strategies and frameworks.
Cairncross is emphasizing policy coordination across government agencies. His priorities include harmonizing cybersecurity regulations, streamlining cyberattack reporting rules, transitioning federal cyber workforce hiring to skills-based models, promoting software liability to hold vendors accountable for weak security, and expanding the U.S. cyber workforce.
One of Cairncross's key tasks is to secure the reauthorization of CISA 2015. This framework, which enables real-time, trusted sharing of cyber threat indicators between private companies and federal agencies, while providing liability protections to encourage information sharing, has been foundational in helping detect and respond to cyber threats at a national level. There is bipartisan consensus in Congress leaning toward a straight reauthorization to avoid dismantling this decade-long framework.
The ONCD could also focus on updating the government's cyber incident response plan, ensuring that systemically critical assets are identified and prioritized for support, and addressing "continuity of the economy" planning for a large-scale cyber attack. The Office of the National Cyber Director could also work on coordinating and strengthening the various Sector Risk Management Agencies that oversee critical infrastructure sectors.
House Homeland Security Chairman Andrew Garbarino expressed confidence in Cairncross's leadership and mentioned the importance of the Department of Homeland Security's State and Local Cybersecurity Grant program. The federal cyber workforce, such as the Cybersecurity and Infrastructure Security Agency, faced cuts under the previous administration. Cairncross, who served as a senior advisor to the White House chief of staff during President Donald Trump's first term, will need to navigate these challenges and rejuvenate the federal cyber workforce.
The ONCD's influence on the rest of the federal government is still an open question. However, with Cairncross's focus on policy coordination and his commitment to reauthorizing CISA 2015, he could help reinject excitement into the prospect of a federal cyber job and strengthen U.S. cyber resilience.
References:
- White House Fact Sheet: Establishment of the Office of the National Cyber Director
- Cybersecurity Information Sharing Act of 2015
- Biden administration's national cyber director pledges to reauthorize cybersecurity law
- The National Cyber Director's Role in Reauthorizing CISA 2015
- The National Cyber Director: A New Federal Role in Cybersecurity
The National Cybersecurity Director, Sean Cairncross, is prioritizing policy coordination among federal agencies, including harmonizing cybersecurity regulations and promoting software liability. In addition, he intends to secure the reauthorization of the Cybersecurity Information Sharing Act of 2015 (CISA 2015), a crucial framework for national cybersecurity.
The Office of the National Cyber Director (ONCD) could also focus on updating the government's cyber incident response plan, strengthening the Sector Risk Management Agencies, and addressing continuity of the economy planning for large-scale cyber attacks. These efforts aim to fortify U.S. cyber resilience, as demonstrated through the ONCD's role in advising the President on cybersecurity policy and strategy.
