A coalition of industry stakeholders is urging the Biden administration to nominate a national cyber director by the end of the month in a new letter sent to the White House Wednesday.
Cybersecurity groups and industry stakeholders are calling on the White House to nominate a new national cyber director by the end of the month, warning in a new letter that the federal leadership vacuum could hinder the implementation of the national cyber strategy released earlier this year.
The Cybersecurity Coalition, an organization of leading companies and policymakers focusing on improving the nation's cyber posture, sent a letter to White House chief of staff Jeff Zients on Wednesday that said "swift action is crucial in filling this role" to address ongoing threats and an ever-changing cyber landscape. The letter was also signed by BSA The Software Alliance, the Information Technology Industry Council, the Center for Cybersecurity Policy and Law and the Better Identity Coalition.
The news comes amid a Microsoft report of yet another successful penetration of U.S. government systems – this one linked to a China-based hacking group.
President Joe Biden has yet to officially nominate a new director to lead the Office of the National Cyber Director following Chris Inglis' retirement in February, leaving Acting Director Kemba Walden to fill the spot ever since.
"We are concerned that the delay in nominating a candidate for the National Cyber Director role could impede the great work accomplished under Director Inglis and Acting Director Walden, hinder the implementation of the National Cyber Strategy and jeopardize the effectiveness of ONCD," the letter read.
The letter also urges the president to issue an executive order outlining the cybersecurity roles and responsibilities of various federal cyber entities, including ONCD, the National Security Council, the Cybersecurity and Infrastructure Security Agency and others. The aim is "to prevent confusion and publicly clarify" the objectives of each organization.
Cybersecurity experts and federal policymakers have often referred to the role of national cyber director as the "quarterback" of U.S. cyber operations, leading a coordinated approach to major cyberattacks and developing responses to new vulnerabilities that impact federal networks. But industry groups said there is still confusion around the entities tasked with responding to cyber incidents and what role each plays in the event of a major attack.
"If ONCD is the quarterback, the question is: Are we playing offense, defense or special teams?" Henry Young, director of policy for BSA, told Nextgov/FCW. "Are we talking about policy, are we talking about an operational incident response, are we talking about moving the machinery of the U.S. government and its agencies to adopt new and better cybersecurity practices?"
"Each of those is its own challenge," he added.
The vacancy was the subject of a congressional letter in May in which lawmakers urged the White House nominate a permanent director. A month later, a senior CISA official confirmed that a widespread cyberattack exploiting a vulnerability discovered in the popular MOVEit file-transfer service impacted several federal agencies.
Experts also said the White House would face challenges implementing the national cyber strategy, from a lack of adequate federal funding, to a gap in the resources and talent necessary to bolster U.S. national cyber preparedness.
"When we're thinking about roles and responsibilities, there are still questions to be answered," Young said. "It's possible that everyone inside the government understands the answers to those questions, in which case industry would like some insight, some transparency, so we understand what's going on."