And Biden is expected to appoint Eric Goldstein, another DHS veteran, to head CISA’s Cyber Security Division, filling one of the agency’s most important mid-level roles, according to a person familiar with the matter.
All three employees will play key roles as Biden ponders how his government will respond to SolarWinds’ cyber espionage campaign, a large series of cyber attacks in which hackers, allegedly from Russian foreign intelligence, have committed countless numbers of federal, state and local government agencies and private companies.
“All three of these people have extensive experience in cybersecurity,” Michael Daniel, who served as President Barack Obama’s cybersecurity coordinator, told POLITICO when asked about his thoughts on the three candidates. “They bring a lot of skills to the management and I think they would be strong players.”
Easterly, Morgan Stanley’s resilience chief, served as deputy director of counterterrorism at the NSA from 2011 to 2013 before joining Obama’s NSC, where he served as special assistant to the president and senior director of counterterrorism. It was also instrumental during Obama’s years in establishing the US Cyber Command.
Most recently, she advised Biden’s transition team on how to establish the cyber director’s office that she should now lead. Congress created the Office of the National Director of Cyber within the Executive Office of the President in the latest defense policy bill.
Silvers, a partner at Paul Hastings, served as DHS’s deputy secretary for cyber policies in the last year of Obama’s presidency, after spending two years as the department’s deputy chief of staff. He co-led the CISA section of Biden’s DHS transition team.
Goldstein, vice president and head of cyber security policy at Goldman Sachs, spent four years with CISA’s predecessor, the DHS Directorate of Programs and National Protection, during the Obama administration. In the first half of 2017, he led the public engagement branch of his cyber division. During the transition, he served on Biden’s DHS review team as part of the CISA unit.
Reuters reported for the first time that Easterly and Silvers were the top candidates for their positions, while CyberScoop first reported Goldstein’s expected nomination. Easterly, Silvers, Goldstein and the White House did not respond to requests for comment.
“With these appointments, clearly the Biden administration is making cybersecurity and infrastructure protection in the United States a top priority,” said Anthony Ferrante, former NSC director for cyber incident response and chief of staff for the FBI Cyber Division. . “He is building a strong and diverse team, with experience in cybercrime, resilience and investigations.”
Defining a new role
If confirmed by the Senate, Easterly will be instrumental in defining the structure and purpose of the new cyber director’s amorphous office. The position, the marquee recommendation of the Cyberspace Solarium Commission licensed by Congress, is essentially an update of the post of cyber coordinator for the National Security Council that former President Donald Trump eliminated in 2018.
Leading the new position would give Easterly a chance to leave a mark on government cyber operations that will outlast his term.
While many experts have defended the idea of cyberspace at the White House as a way to raise the issue’s importance and proximity to the president, key questions about his activities and authority remain unanswered. The way Easterly handles work will help answer these questions and set a precedent for all your successors. With a broad but untested mandate, it will be up to Easterly to determine whether its position becomes influential or superfluous.
Easterly will bring a key asset to the post of national cyber director: a previous working relationship with Anne Neuberger, the NSA authority that Biden has appointed for the new post of deputy national security adviser for cybersecurity.
Neuberger and Easterly served from 2009 to 2010 on the Cyber Command implementation team, then a subordinate unit of US Strategic Command. They were instrumental in establishing the unit’s structure and operational mindset, which became a full-fledged commando in 2017
After helping to create Cyber Command, Easterly and Neuberger continued to move up the NSA hierarchy together. From 2011 to 2013, Easterly was the second NSA counterterrorism officer, while Neuberger served as special assistant to the then NSA Director, General Keith Alexander.
It is not yet clear how the White House will outline the responsibilities between Neuberger and Easterly.
Congress intended Easterly’s new role to be to oversee America’s cyber defenses and the protection of government and civilian networks. Neuberger has experience with the NSA’s offensive and defensive work, but his most recent work was on the defensive side and his new position remains undefined.
Biden could instruct Neuberger to oversee offensive cyber operations and gather cyber intelligence to avoid issues of redundancy or conflict with Easterly.
Guiding CISA through the post-Krebs era
As director of CISA, Silvers would replace Chris Krebs, whom Trump dismissed in November for publicly debunking his conspiracy theories about the election.
Silvers will oversee the growth and maturation of the country’s newest agency, established in late 2018 to replace the DHS division that helped defend ports, hospitals and power plants from cyber attacks and dirty bombs. With a workforce of approximately 2,200 employees, CISA is responsible for everything from helping state and local governments to blocking ransomware attacks to helping schools plan mass shootings.
Silvers will bring an important asset to the work of the CISA director: an already strong relationship with his new boss, Alejandro Mayorkas, appointed DHS secretary in Biden. From 2013 to 2014, Silvers served as a senior advisor to Mayorkas, while the latter was an assistant secretary of homeland security.
As assistant secretary of cyber policy, Silvers played an important role in reducing the sometimes icy divide between the federal government and major industry sectors. He also helped to oversee DHS’s response to major cyber attacks and data breaches. He “led the administration’s policy on technology risk issues, ranging from government access to encrypted data to security challenges involving smart, autonomous systems,” according to his law firm’s biography.
Silvers will take over an agency after a successful campaign defending the 2020 election from cyber interference, but also hurt by suspicions of massive and sophisticated breaches by Russian federal agency hackers and Trump dismissing Krebs.
Krebs, who won bipartisan acclaim while leading CISA and its predecessor, outlined the agency’s initial course and helped make it a serious actor in inter-agency discussions about threats to digital security. Silvers will be responsible for guiding CISA in the second phase of its existence, as it tries to improve the services it already offers, while remaining ahead of emerging threats in areas such as 5G, artificial intelligence and state hacking. nation.
Navigating SolarWinds
Silvers’ success at CISA will depend in part on Goldstein’s management of one of the agency’s main divisions.
CISA has spent the past few months struggling to respond to SolarWinds, which has compromised the networks of various departments and agencies along with many Fortune 500 companies. The 2-year agency has been overwhelmed by the scale of the crisis, which has overwhelmed its staff and occasionally left it struggling. to provide timely assistance to other agencies, according to POLITICO and other media.
CISA’s Cyber Security Division oversees the defense of federal civilian networks and SolarWinds will test Goldstein’s ability to screen its limited personnel and resources.
The division manages two programs, EINSTEIN and Diagnosis and Continuous Mitigation, which should block external threats and check internal networks for anomalous behavior. The success of the SolarWinds campaign – in which suspected Russian hackers infected software the government trusted and used command and control servers designed to not set off alarms – raised questions about the effectiveness of these two programs.
Goldstein’s previous career at DHS may have prepared him well for his new job. Prior to leading the NPPD cyber partnership branch, he served as policy advisor in the Federal Network’s Resilience branch of the board, a senior advisor to the head of the NPPD cyber arm and a senior advisor to the head of the NPPD.