Jen Easterly, former NSA official and Morgan Stanley vet, will take up the lead at CISA as the ransomware scourge rages on.
The U.S. has made a key move to shore up its cybersecurity strategy, with the confirmation of Jen Easterly as the director of the Cybersecurity and Infrastructure Security Agency (CISA) on Monday.
Easterly, a former official at the National Security Agency from 2011 to 2013 and two-time Bronze Star winner, fills the empty position left by Chris Krebs, who was fired from the post under then-President Trump in 2020. Easterly comes to the role fresh from the private sector: She was most recently responsible for Morgan Stanley’s resilience strategy. Before that, she worked to set up the U.S. Cyber Command.
Meanwhile, Monday also saw the swearing in of Chris Inglis as the first White House national cyber-director. Inglis, a former NSA deputy director, will be responsible for communicating and coordinating cybersecurity policy across Congress, federal agencies and the White House, according to reports. It’s a new position that was created as part of the most recent National Defense Authorization Act and roughly correlates with the White House cyber-czar role that Trump eliminated in 2018.
The Senate unanimously approved both nominations last month, but the confirmation votes were delayed after Sen. Rick Scott (R-Fla.) held up Department of Homeland Security nominees until President Biden or Vice President Kamala Harris visited the southern border. Eventually, Harris did visit, and Scott lifted his moratorium.
Congrats to Jen Easterly on her confirmation as the next @CISAgov Director. The perfect leader for an increasingly important agency. Bravo to Brandon Wales to leading the agency the last 8 months. Excited to watch this team continue to do great things. #DefendTodaySecureTomorrow https://t.co/RNHLPlfYvB
— Chris Krebs (@C_C_Krebs) July 12, 2021
“Nation-states and non-state actors alike now leverage cyberspace with near impunity to threaten our security, our privacy, and our physical and digital infrastructure,” Easterly said during [PDF] her June confirmation hearing. “Our adversaries combine hacking with malign influence operations to interfere in democratic processes. They breach major corporations to steal capital and intellectual treasure, target industrial control systems to disrupt critical infrastructure, and incapacitate entities large and small with the scourge of ransomware. Even as we contend with the billions of daily intrusions against our networks by malicious actors, I believe that as a nation, we remain at great risk of a catastrophic cyberattack.”
Cybersecurity: A Top U.S. Priority
“The threats of cyberattacks aren’t just looming – they [are] here and harming us every day,” Sen. Angus King (I-Maine), the co-chairman of the Cyberspace Solarium Commission, King said in a statement provided to The Hill. “Given that cybersecurity touches every aspect of our government and our lives – from our laptops to the Internet of Things – the U.S. desperately needs centralized leadership to coordinate the federal response to improve our defenses.”
The move comes as large cyberattacks continue to make headlines, such as the REvil ransomware attack that affected 1,5000 customers of Kaseya’s network-management platform earlier this month. Or, the now-infamous Colonial Pipeline ransomware disruption that shut down gas availability throughout the South and the Eastern seaboard.
Ransomware has become so endemic that President Biden has made combatting it a piece of his foreign-policy dealings with Russian President Vladimir Putin, given that many of the financially motivated gangs behind ransomware are headquartered in former Soviet Bloc countries.
Previously, the administration has wrestled with the fallout of the massive SolarWinds espionage attack, carried out by Russian nation-state cyberattackers, which hit at least nine government agencies and several tech companies.
“SolarWinds, Hafnium, Colonial Pipeline, JBS and other incidents all signal the urgent need to secure our national critical infrastructure,” Inglis said during his confirmation hearing opening statement [PDF]. “The pace of events and our adversaries deny us the luxury of biding our time before we seize back the initiative that has too long been ceded to criminals and rogue nations who determine the time and manner of their transgressions.”
Check out our free upcoming live and on-demand webinar events – unique, dynamic discussions with cybersecurity experts and the Threatpost community.