(Release: I worked with almost everyone mentioned in this article at the Aspen Institute, where most were engaged in the public-private Aspen Cyber Security Group. I am also a co-author of 2018. book on the U.S. government’s approach to cybersecurity with John Carlin.)
With the exception of the Justice Department team, key cyber players share a special background as veterans of Fort Meade, National Security Agency bases, and U.S. cyber commands. In addition to Nakasone, Inglis spent nearly 30 years with the civilian side of the NSA, becoming its deputy director. Prior to her appointment earlier this year, Neuberger established and headed the NSA’s Cyber Security Directorate and previously served as its Chief Risk Officer, creating a single public voice for an agency not otherwise known for its public engagement. Easter, who worked on the NSA’s elite hacking team known as Custom Access Operations, in 2009 helped design, along with Nakasone and others, what later became American cyber team.
That shared NSA DNA is a kind of belated recognition of how long cyber security has taken its place in the wider government bureaucracy. When the Biden administration sought post-election elections for senior, respected leaders who had worked and pondered these issues for years, it really had only one fund of talent from which to draw.
The NSA and Cyber Command, for their part, moved rapidly during the Trump administration to regulate more aggressive offensive cyber operations. Nakasone, as WIRED reported last fall, has carried out more offensive online operations in his nearly three years at the helm of the double-hat arrangement than the U.S. government ever did before his term – combined. In recent months, the American cyber command has begun focus their own attention not only to opponents of nation-states, but also to transnational organized crime, to which U.S. officials are increasingly emphasizing that it has risen to a scale and sophistication equal to the threats of established network opponents such as Iran and China.
The Biden White House, however, is still heavily addressing its own approach to cyber issues, from Chinese technology companies to ransomware. Although Inglis, Neuberger, Monaco, Easterly and Nakasone are friendly and collegial, they have different philosophies and have now found themselves spread across the government with very different capitals, tools and abilities.
How Inglis and Neuberger will work together and share power within the White House in the future will be one of the biggest questions of the Baiden administration’s approach to the Internet, as well as how Easter and Nakasone balance the government’s civilian and military approach online. The answers will relate not only to current technology and security policy but also to the future of U.S. cyber defense. If the NSA and Cyber Command split in two at the end of Paul Nakasone’s term, then Neuberger, Inglis and Easterly are among the obvious candidates – along with current NSB Cyber Security Director Rob Joyce – to take over the reins of the intelligence agency.
They will have to cope with the long-standing tensions between their agencies and their relative funding. CISA was formed only in 2018, from what has been for a long time wrapped and changing shape The DHS component is most recently known as the National Protection and Programs Administration. Recruitment begins this spring, bringing in hundreds of new cyber professionals, but it’s still only a quarter to a third the size of Cyber Command, and not even a tenth the size of the NSA. There are few true authorities that would force cooperation in the private sector, or even sometimes within government.
And those are the only complications facing anyone who wants to achieve a coherent government response to even-growing online threats. In addition to the “big five” mentioned above, the US Secret Service and the implementation of immigration and customs also share online executive duties, and many Americans were surprised to find this spring in the middle of a colonial pipeline incident that the Transportation Security Administration is best known for its uniformed airport security guards, in fact, oversee the cyber-security of national pipelines, among other unusual corners and jurisdictions.