After Congress approved his nomination in 2021, Chris Inglis served as the first-ever National Cyber Director for the White House. Now, he plans to retire. So who’s next?

As of this writing in January of 2023, there remains uncertainty around who will fill the role. However, the frontrunner is Kemba Walden, Acting Director of the National Cyber Director’s office. Walden is a former Microsoft executive who joined the National Cyber Director’s office in May. Before her appointment, Walden was the Deputy National Security Advisor for Cyber and Emerging Technology in the Biden Administration.

If not Walden, who else might take over from Inglis? The best answer is to look at the senior cybersecurity folks in the Biden administration who advise Biden directly.

A Group of Well-Qualified Successors

The national cybersecurity of the United States has been a priority for President Biden. To ensure that the most efficient protocols are being followed, the president has designated several senior members from his team to serve as direct advisors with specific responsibility for cybersecurity issues. These advisors bring extensive expertise in national security operations and risk management from multiple sectors. They played key roles in establishing national defenses, and are expert problem-solvers in the face of evolving threats. This highly specialized group provides the strength and stability needed to maintain national cybersecurity in a rapidly evolving threat landscape.

The key senior cybersecurity officials include the aforementioned Chris Inglis as the first National Cyber Director, Jen Easterly as the Director of the Cybersecurity and Infrastructure Security Agency (CISA), Alejandro Mayorkas as the Secretary of Homeland Security, Kemba Walden as the first Principal Deputy National Cyber Director, Neal Higgins as Deputy National Cyber Director for National Cybersecurity and Rob Knake as Deputy National Cyber Director for Budget and Policy.

A Promising Candidate

While everyone here plays a crucial role, Jen Easterly stands out based on her comprehensive cybersecurity background. Easterly is an internationally renowned cybersecurity expert, formerly serving as the Deputy Director of the United States Cybersecurity and Infrastructure Security Agency (CISA) and the Senior Advisor to the Under Secretary for National Protection and Programs Directorate at the Department of Homeland Security (DHS). Before joining CISA, she held management positions in both private industries and within the government. This included a four-year tenure with IBM Global Services as Senior Consulting Analyst.

Ms. Easterly’s expansive career has seen cybersecurity accomplishments in both the public and private sectors. Many of her notable successes occurred while working at CISA, initiating groundbreaking efforts to enhance information sharing among critical infrastructure sectors, as well as leading work that addressed cyber threats from foreign actors. She also spearheaded cybersecurity workforce development and led a collective effort to modernize Federal government organizations’ response to ever-increasing threats from malicious actors online.

Outside of her government service, Easterly was also instrumental in creating several successful commercial programs focused on protecting corporate IT assets through best practices such as risk assignment and attack surface reduction.

Initial Concerns Vanquished

Though many promising candidates have emerged for National Cyber Director, the role itself was not without contention. After the appointment of Chris Inglis, concerns arose that there were “too many cooks” in the federal cyber leadership kitchen. Additionally, there was uncertainty as to who would be the true “quarterback” taking over command of national cybersecurity going forward. While Inglis’ extended background in national security steered much of the discourse toward a sense of assurance, undertones still remained that he was just one man wielding undue power without a larger organization behind him for support.

Though uncertain at the time, these concerns have since dissolved. Inglis has proven himself more than capable of tackling national cybersecurity amid a coalition of national leaders and organizations.

The Role of National Cyber Director

The National Cyber Director has provided immense benefits to the public and private sectors over the past year and a half. The director essentially acts as a bridge between the two sectors, ensuring that national interests remain on top of government agendas while also fostering collaboration with industry stakeholders.

As National Cyber Director, Inglis developed national-level policies to protect organizations of all sizes from cyber threats and worked with government agencies to identify areas of need throughout the cybersecurity landscape. As a result, businesses could prioritize cybersecurity investments. know their threats better, remain at the cutting edge of technological innovation and adopt best practices — all in an effort to ensure national security.

IBM Security Intelligence reached out to the Office of the National Cyber Director (ONCD) about the role. They responded with the following statement:

“ONCD’s mission is to create a resilient, safe and equitable cyber space. We’re doing so by focusing on long-term strategic planning while executing on near-term tactics to mitigate existing vulnerabilities. Ultimately, we desire to seize the initiative back from the adversary and reimagine cyberspace with an affirmative vision consistent with our values.”

How ONCD Meets Its Goals

ONCD’s statement went on to elaborate on how it has tackled those objectives:

“Most notably, ONCD is leading the interagency drafting process for the Biden-Harris Administration’s National Cybersecurity Strategy. A process through which we’ve solicited input from over 300 stakeholders across industry, foreign governments, academia and the nonprofit sector. This exceptional level of collaboration is a recognition that the terrain in cyber space is principally privately owned, and public-private partnerships are paramount to addressing cybersecurity challenges successfully. “We also initiated an ongoing series of topical executive fora. By using the unique convening power of the White House, we’re bringing together industry executives with Cabinet Secretaries and Deputies to share threat intelligence and drive collaboration at the highest levels possible. Among these was the National Cyber Workforce and Education Summit in July. At the Summit, ONCD announced the development of a National Cyber Workforce and Education Strategy. A resulting RFI received over 150 responses from a broad section of stakeholders. ONCD is reviewing those and working to publish the full strategy, incorporating many of those inputs, in the coming months. “Finally, we worked aggressively with our colleagues across the interagency to bring enhanced security to the federal enterprise. This included overseeing the implementation of Executive Order 14028, deployment of Zero Trust Architecture, release of first-of-its-kind ‘Spring Guidance’ on cybersecurity budgeting and initiating a planning process for post-quantum encryption.”

Closing In On the Next National Cyber Director

This still leaves the identity of the next National Cyber Director in question. As the U.S. government bolsters its cyber defenses, replacing Inglis remains a priority. This influential role will develop and coordinate the nation’s cybersecurity strategy.

Asked about any insights as to plans once Chris Inglis retires, the ONCD states:

“With respect to Director Inglis’ retirement —  he will retire sometime this year after five decades of public service. At that time, Principal Deputy Kemba Walden will become Acting National Cyber Director and continue to lead the organization with the same passion as she has as Deputy Principal.”

Whether it’s Walden, Easterly or another senior official, the country’s cybersecurity efforts appear to be in good hands.

The post Who Will Be the Next National Cyber Director? appeared first on Security Intelligence.

It’s no secret that cyberattacks in the U.S. are increasing in frequency and sophistication. Since cyber crime impacts millions of businesses and individuals, many look to the government to see what it’s doing to anticipate, prevent and deal with these crimes.

To gain perspective on what’s happening in this area, the U.S. government’s budget and spending plans for cyber is a great place to start. This article will explore how much the government is spending, where that money is going and how its budget compares to previous years.

How Much is the U.S. Spending on Cybersecurity, and Where is the Money Going?

In June 2022, the U.S. announced new spending bills for the fiscal year 2023, including an allocation of $15.6 billion for cybersecurity. The majority of the money — $11.2 billion — will be appropriated for the Department of Defense (DoD), and $2.9 billion will go to the Cybersecurity and Infrastructure Security Agency (CISA).

The money going to the DoD will be used in a variety of ways. For example, Paul Nakasone, commander of the U.S. Cyber Command, has discussed plans to grow five Cyber Mission Force teams. Approximately 133 of these already exist and focus on carrying out defensive cyber operations.

How Involved is the Private Sector in the Allocation of Funds?

Clearly, the majority of funds in the new budget will go to government agencies. However, the government also plans to invest in the private sector and has discussed the importance of strengthening relationships with companies and private organizations.

One key area here is information sharing; after all, cybersecurity is a team sport. However, the government has faced criticism in the past for expecting detailed data from companies while failing to provide adequate information on their end. Recently, government agencies have spoken more about working towards more open and two-sided information sharing, but only time will tell how successful that strategy will be.

U.S. lawmakers have asked the defense secretary to work more closely with CISA and the private organizations within it, especially in areas related to Russian and Chinese activity. CISA has also received $417 million more in funding than was initially requested by the White House.

How do Current Federal Investments in Cyber Compare to Previous Years?

Compared to the previous few years, investment in cybersecurity is gradually increasing. 2021 saw $8.64 billion in spending, followed by a slight increase in 2022.

It’s a positive trend that signals the government is taking the issue seriously. But are state and local governments keeping up?

How is Cyber Investment Changing at the Local and State Levels?

The data shows that the government is also investing in cybersecurity in non-financial capacities at the local and state level. In 2021, for instance, state legislative sessions saw more than 285 pieces of cybersecurity-related legislation introduced, and in 2022 that number increased to 300.

In addition, President Biden introduced the Infrastructure Investment and Jobs Act in 2021, which allocated $1 billion in grants to bolster cybersecurity at the local, state, tribal and territorial levels. The government will distribute this amount over four years until 2025.

It adds up to a promising development for local and state governments, who are finally gaining the resources to protect their communities more effectively. Plus, it demonstrates a growing understanding of the importance of cybersecurity at the federal level and, hopefully, a more informed approach in the future.

Promising Signs for the Future

While cybersecurity funding is one truly positive sign, there are more reasons to be hopeful — such as the appointment of the USA’s first-ever National Cyber Director, Chris Inglis.

Looking to the future, the U.S. will need to constantly readjust its cyber defense posture and adapt to this ever-changing landscape, especially as cyber crime becomes not only more common but also more challenging and complex. It costs money to do that effectively, so the government must prioritize cyber funding for the foreseeable future.

Of course, individual organizations will need to take responsibility for their own security, too.

IBM can help — with solutions like the Security QRadar XDR, you get a suite of tools and powerful features to help you defend your organization against attacks and keep your teams focused on what’s important. Find out more here.

The post How Much is the U.S. Investing in Cyber (And is it Enough)? appeared first on Security Intelligence.