| Hi, this is Alyza on Bloomberg's cybersecurity team. President Joe Biden took office less than two months after U.S. companies and government agencies began disclosing that they'd been victimized as part of a sprawling cyber-attack by suspected Russian hackers. The attack exposed glaring holes in American defense and raised the stakes for Biden's incoming cyber team. Not all the jobs have been filled—including a top post—but cybersecurity experts have praised the administration's picks so far. "These are people who know the business," said Jim Lewis, a vice president at the Center for Strategic and International Studies, where he leads the strategic technologies program. "They really have a dream team." The administration tapped a top official at the National Security Council, Anne Neuberger, to lead the U.S. response to the suspected Russian attack and to work with compromised agencies. The attack, first disclosed in December, targeted popular software from Texas-based SolarWinds Corp. by adding malicious code to updates. Neuberger, who previously led the National Security Agency's Cybersecurity Directorate, was selected by Biden to join his White House in a newly created role as deputy national security advisor for cyber and emerging technologies. Biden has cited the creation of Neuberger's position as evidence that "we've elevated the status of cyber issues within our government." But her job isn't the only new cyber leadership position in the new administration. Congress recently mandated the creation of a National Cyber Director, a role that will be responsible for U.S. cybersecurity policy across the government and private sector. The post was described as a "game-changer" for the security community, according to Senator Angus King and Representative Mike Gallagher, who are part of a cyber committee that helped conceptualize the new office. But the White House has yet to nominate an official or define the role. The Washington Post reported that the delay may be the result of tension over the extent to which lawmakers have the power to weigh in on the National Security Council's cybersecurity work. Among the potential candidates for the job is Jen Easterly, who serves as head of firm resilience at Morgan Stanley. Like Neuberger, she has worked at the National Security Agency, serving as its deputy for counterterrorism during the Obama administration, and she later served in Obama's White House. She has also served as an intelligence officer in the U.S. military and helped develop the Army's cyber operations unit. Michael Daniel, the head of the Cyber Threat Alliance and the former cybersecurity coordinator in the Obama White House, told me last month that the Biden administration should use diplomatic channels for messaging to Russia about the SolarWinds attack. "It could take the opportunity to expel some diplomats or suspected spies, and it could search for ways to slow roll some Russian diplomatic initiatives related to cybersecurity," he said. As Neuberger's team prepares next steps on SolarWinds, the Washington Post reported Tuesday that the White House is preparing sanctions in response to the hack. "We have asked the intelligence community to do further work to sharpen the attribution that the previous administration made about precisely how the hack occurred, what the extent of the damage is, and what the scope and scale of the intrusion is," White House press secretary Jen Psaki said when asked about the report. "It will be weeks, not months, before we respond, but I'm not going to get ahead of the conclusion of that process." Whatever the response, Biden's cyber team faces a daunting challenge. So far, Neuberger said they have identified nine government agencies and about 100 private-sector companies that were attacked by the suspected Russian hackers but the investigation is expected to take months. Responding to Russia and preparing against future attacks with sometimes antiquated computer networks would be a difficult task, no matter how talented the cyber team. —Alyza Sebenius | 
Post a Comment