SPONSORED:

Biden's cyber priorities zero in on Russian hack

Biden's cyber priorities zero in on Russian hack
© Getty Images

President Biden and his administration have hit the ground running on cybersecurity during his first week in office, with a particular emphasis on addressing the recent Russian hack that hit the federal government and major U.S. companies.

Experts are calling the focus on cyber issues — and Biden’s efforts to quickly fill key roles and push back against foreign adversaries — a breath of fresh air after four years of the Trump administration.

“Certainly all of the action, and the substantive nature of the action, represents that they’ve put cybersecurity as a priority, which they had said in the transition, but they are putting their money where their mouth is and moving forward on it,” said Kiersten Todt, former executive director of a cybersecurity commission under former President Obama who’s now managing director of the Cyber Readiness Institute.

ADVERTISEMENT

Administration officials have been forced to immediately confront cybersecurity due to the Russian hacking operation against the IT group SolarWinds, a company that counted much of the federal government and U.S. Fortune 500 companies among its customers.

During his first week in office, Biden took action to get his arms around the cyberattack, which counts the Treasury, Justice and Commerce departments among its victims. Biden ordered the intelligence community to conduct an assessment of the hack, and he raised it Tuesday during his first conversation as president with Russian President Vladimir PutinVladimir Vladimirovich PutinHow to rethink Russia sanctions Tucker Carlson bashes CNN, claims it's 'more destructive' than QAnon Biden CIA pick pledges to confront China if confirmed, speak 'truth to power' MORE.

Biden pledged before taking office that he would take a strong stance against Russia and any other foreign nations who attempted to interfere with the U.S. in cyberspace, vowing in December to make cybersecurity an “imperative.”

He took steps toward delivering on that pledge by including more than $10 billion in cybersecurity and IT funds to boost federal cybersecurity efforts in his $1.9 trillion COVID-19 relief proposal. Whether those provisions remain in the bill is unclear, as Biden has indicated he’s open to negotiation on the package.

Beyond Cabinet picks such as newly confirmed Director of National Intelligence Avril HainesAvril HainesSenate confirms former Michigan governor Granholm as Energy secretary Biden says he has read report on Khashoggi murder Biden to speak with Saudi king 'soon' as pressure builds for Khashoggi report MORE and Homeland Security secretary nominee Alejandro MayorkasAlejandro MayorkasHillicon Valley: Privacy, immigrant rights groups slam 'smart wall' proposal | New DHS policies aim to fight cyber 'epidemic' | Twitter exploring allowing users to charge for content The Memo: Biden faces first major setback as Tanden teeters DHS Secretary Mayorkas announces new initiative to fight 'epidemic' of cyberattacks MORE, who said during her confirmation hearing that cybersecurity is a “priority,” Biden has also moved swiftly to fill other roles.

ADVERTISEMENT

The White House announced last week that Anne Neuberger, the director of the National Security Agency’s Cybersecurity Directorate, will fill the new position of deputy national security adviser for cyber and emerging technology on the National Security Council.

The administration also selected former Biden campaign chief information security officer Chris DeRusha as federal CISO and former NSA official Michael Sulmeyer to serve as senior director for cyber on the National Security Council.

And according to Reuters, Biden is eying Jen Easterly, another former NSA official, to serve in the newly created cyber czar role.

“The Biden Administration’s rapid steps to fill cyber positions demonstrate that cybersecurity will be a priority for this administration,” said Michael Daniel, former cybersecurity coordinator under former President Obama who’s now head of the Cyber Threat Alliance.

Theresa Payton, White House chief information officer under former President George W. Bush, also applauded the new hires.

ADVERTISEMENT

“I say bravo, because what’s wonderful is regardless of who the administration is and the political appointees in charge of these groups, there are dedicated men and women running the operations day to day,” said Payton, who serves as CEO of cyber consultancy group Fortalice Solutions. “The sooner the better to get seasoned leadership in place to understand what’s working well.”

Biden’s efforts to address cybersecurity in his first week stand in contrast to the Trump administration, which was widely criticized for eliminating both the cybersecurity coordinator position at the White House and the State Department’s cyber office, though a new cyber and emerging technology bureau was established prior to former President TrumpDonald TrumpDonald Trump Jr. calls Bruce Springsteen's dropped charges 'liberal privilege' Schiff sees challenges for intel committee, community in Trump's shadow McConnell says he'd back Trump as 2024 GOP nominee MORE leaving office.

While Trump officials, including former Secretary of State Mike PompeoMike PompeoThe Hill's Morning Report - Presented by The AIDS Institute - Ahead: One-shot vax, easing restrictions, fiscal help Trump to reemerge on political scene at CPAC China labels human rights criticism 'groundless' MORE and former Attorney General William BarrBill BarrMajority of Republicans say 2020 election was invalid: poll Biden administration withdraws from Connecticut transgender athlete case Justice Department renews investigation into George Floyd's death: report MORE, cited Russia as behind the SolarWinds attack, Trump only addressed the incident once in a tweet, and tried to shift the blame to China.

“Obviously this is a significant improvement over the Trump administration’s policy to eliminate the cybersecurity coordinator, but that’s a low bar to jump over. The higher bar, which they are striving for, is by having these experienced professionals who have a good understanding that public-private collaboration is critical to success,” said Mark Montgomery, a senior fellow at the Foundation for Defense of Democracies.

But even with his early moves, Biden is under pressure to go further, particularly on Chinese technology issues, an area of intense focus during the Trump administration.

White House press secretary Jen PsakiJen PsakiBiden 'disappointed' in Senate parliamentarian ruling but 'respects' decision CORRECTED: Overnight Defense: COVID-19 stymies effort to study sexual assault at military academies | Biden, Saudi king speak ahead of Khashoggi report The Memo: Biden faces first major setback as Tanden teeters MORE on Monday stressed that while Biden planned to “hold China accountable” on technology-related issues, no formal decisions about the administration’s stance on companies such as Huawei and TikTok's parent company ByteDance had been made.

Commerce Secretary nominee Gina RaimondoGina RaimondoHuawei backs supply chain security standards in wake of SolarWinds breach Biden's infrastructure plan needs input from cities and regions Langevin hopeful new Armed Services panel will shine new spotlight on cybersecurity MORE refused to commit during her confirmation hearing Tuesday on whether the agency would keep Huawei blacklisted if she was confirmed.

“I worry a little about having the same attention to detail with China,” Montgomery said. “China represents, as they do in many security areas, the more long-term threat, but as long as we are consistent in applying this to Russia, China, Iran, and North Korea, I think we will be in a good position.”

Beyond China, Daniel recommended that Biden keep up a continued focus on the SolarWinds incident, the cyber czar office, and strengthening federal cybersecurity capabilities in the first 100 days.

“The Biden administration should focus on building on the successes of the past four administrations,” Daniel said. “It should resist the temptation to review previous policy decisions around roles and missions.”