National Cyber Director Outlines Staffing Framework for 75-Person Office 

By the fall of 2022, National Cyber Director Chris Inglis expects his office will be fully staffed and running toward four outcomes he described as being in line with the legislation that created his position. 

“We will probably staff out—the legislation called for a floor of about 75 people—turns out when you look at all of those functions and what's required to do those various things you get to about 75 people,” Inglis said. “So I expect that by this time next year, we'll have, you know, a full featured kind of set of folks who are helping us get those things done working collaboratively with the other players in this space, both in the private and the public sector.”

Inglis spoke Thursday alongside Amazon Web Services Vice President David Levy at an event hosted by the Reagan Institute.

The outcomes he said would guide the staffing effort are: federal cohesion, both within the government and with private critical infrastructure providers; more emphasis on public-private collaboration; budget reviews and direction; and resilience into the long term. 

Inglis’ mission is clearest where he reviews agency budgets to determine how cybersecurity funds should be allocated and acts as a liaison between Congress, the private sector and the White House.

“We may on occasion say that we need more dollars in this corner, but more often than not we're probably going to talk about how perhaps you know we lost our way along the way in terms of the expenditure of those dollars,” he said. “We need to get that right so that we're good stewards of the public's money and the confidence given to us by Congress.”

A big selling point for the creation of Inglis’ office, which became law with the last National Defense Authorization Act, was that it would provide the president with a single point of accountability on cybersecurity, or “one throat to choke,” as Sen. Angus King, I-Maine, described it. But during the event, Inglis acknowledged that there is a lot of overlap between his role and those of  Deputy National Security Adviser for Cyber and Emerging Tech Anne Neuberger and Cybersecurity and Infrastructure Security Agency Director Jen Easterly.

“We need to get to a place where it’s the collective responsibility of many parties in government to ensure that concurrently that accountability is felt by every user every agency, every department head, and perhaps ultimately it's the job of a national cyber director and Anne Neuburger to ensure that that accountability is felt, and that that accountability is met,” he said.

Inglis said Neuberger’s role is to handle situations where other elements of government such as diplomacy and law enforcement need to be involved and referenced the Colonial Pipeline hack where there were physical repercussions related to fuel supplies. He described his role as being concerned with what occurs “inside cyberspace.”

But in an environment where physical components are increasingly connected to the cyber domain, that’s a hard line to draw. “At the end of the day there's a huge intersection between those two roles and we'll work our way through that through frequent and rich engagement,” he said.

He also drew attention to Easterly’s role as the “on-field quarterback” in those situations he sees as being contained within cyberspace. “Most of the operations that the U.S. government undertakes that require some coordination in execution are actually Jen's,” he said. “So similarly, I and Jen Easterly have a frequent and rich dialogue, often two or three times a day, to make sure that those roles complement one another and that we're never contending for the same space.”

“The Office the National Cyber Director leads should not be a new power in its own right that operates independent of others, rather the purpose of its power should [be] to get strength, advocacy, and leverage context for all the powers that already exist,” he said.