By Abel Morales, senior security engineer, Exabeam
In just the few short months of President Biden’s White House residency, he has managed to overhaul the United States’ cyber strategy. His administration has released a detailed executive order that will expedite information sharing between the government and its IT service providers in an effort to mitigate damages from cyberattacks. The order presents strict financial and political retaliation to nation-state actors such as Russia, China and North Korea. It has also placed more responsibility and decision-making power in the hands of the Cybersecurity and Infrastructure Security Agency (CISA) and called for more swift and earnest action to investigate breach incidents.
Biden has also appointed several seasoned security experts to leadership roles in the CISA, the Department of Defense, the Department of Homeland Security and a federal CISO. Notable is the appointment of Chris Inglis, who earned Biden’s nomination to be the national cyber director within the CISA.
While the role of the national cyber director existed previously, it was eliminated in 2018 and the responsibilities were lumped together with those of the national security director. However, recent events, such as the SolarWinds and Colonial Pipeline attacks, have proven that our government desperately needs a devoted leader in this function to guarantee swifter and more appropriate action to imminent cyber threats.
In order for the U.S. to build a strong defense, it needs capable leaders with conviction in office who know what to do and can swiftly act when called upon. Back in October, Exabeam likened our country’s COVID-19 response to our cybersecurity posture to illustrate why leadership is so critical to future cyber preparedness.
The Need for a Cybersecurity Overhaul
A lot of the Biden Administration’s recent emphasis on strengthening cybersecurity in both the public and private sector stems from recent large-scale and damaging attacks on the federal government and the private sector. Consider these occurrences a blessing in disguise, perhaps, that has lit a fire under the federal government to take long-awaited steps to fortify our nation’s cyber response.
In this new role, Inglis will not only be the point person for coordinating cybersecurity strategy, but he’ll finally have the political and budgetary authority to create momentum across the federal government. With this great power comes immense responsibility, but it is a challenge for which Inglis is well suited as a 28-year NSA veteran.
Bring structure to a disorderly system
Inglis told Strategic Studies Quarterly in July 2020 that “there are inconsistencies and gaps across the various departments and agencies, and our nation does not have a cohesive vision for how to work together across the federal enterprise, let alone with the private sector.” I’d add that there is also a lack of accountability when it comes to cybersecurity breaches. It is essential that we have executive-level accountability that promotes a culture of security awareness. Inglis must bring a solution to the disarray we’ve seen play out in the federal government’s cyber strategy and response over the past decade. As a nation, we will rely on Inglis to bring forth coherence in the way he and his colleagues address threats to both the public and private sectors.
Create unity among agencies
Inglis should also build upon his existing agency relationships from Capitol Hill to the Pentagon. Even though the national cyber director will not have any direct oversight of offensive cyber operations, we do know that he will have a close working relationship with the deputy national security advisor Anne Neuberger, with whom he’s already worked closely in the past. We also know that over Inglis’ nearly three decades in public office he’s created deep relationships with Congress and other key lawmakers, so that can be a huge factor in his success in the role. All things considered, it should allow Inglis to move more fluidly and hit the ground running.
Promote partnership with the private sector
Inglis does not have any notable private-sector credentials on his resume. While this might be seen as a limitation to some, we know that there are endless advocates out here in the private sector world ready to lean in and advise Inglis and his team. I’d recommend Inglis initiate a board with industry leaders to develop a standard set of reasonable guidelines and regulations that reduce the private sector’s attack surface. Biden’s administration isn’t quiet about its commitment to bringing the private sector and federal agencies into the same room, and I foresee Inglis being integral in making that a reality. The private sector can make or break our nation’s preparedness for the next big cyberattack, which is why it’s so important for private businesses to continue to innovate and be encouraged to do so by the government.
Apply lessons from recent attacks to his technical strategy
Our country needs someone who is methodical in their approach to cybersecurity. The SolarWinds attack was a credential-based threat. As the national cyber director, Inglis will have to emphasize the role identity and credentials play in attacks and how behavioral analytics are critical to protecting the public and private sector. There will also need to be a larger focus on the supply chain given this recent activity – and perhaps that means moving hardware component manufacturing back into the U.S. While there are a thousand ways to approach cybersecurity from a tactical perspective, Inglis will be responsible for cleaning up our nation’s cyber hygiene, so to speak, and applying lessons learned from past and future threats.
Act with conviction and speed
As my colleague illustrated in October, response time to a cyberthreat is just as critical as our nation’s response to the early days of the global pandemic. Countries that were able to act quickly ended up being those with fewer deaths and less economic disruption. We know that the same notion holds true in cybersecurity. Nation-state attackers like Russia are able to breach an organization and conduct their first lateral movement across a network in 19 minutes. The longer the threat actor is in a network, the more an organization risks exposing its data and halting business operations. Inglis must be able to respond with a short mean time to respond (MTTR) to an attack. As the national cyber director, he should be agile, too. Understanding that things change quickly in cybersecurity and threat actors are constantly one step ahead is critical. Being able to move legislation at a quicker pace will also be integral to Inglis’ success.
Bringing Inglis on as the national cyber director is a step in the right direction, but I do not believe it is the end-all, be-all because this requires a much larger effort from both private and public entities. At the end of the day, it requires state and local collaboration with the federal government and private sector to increase cybersecurity. Of course, we are hopeful that Inglis will share that philosophy and do everything he can to encourage both ends to work together for the shared common goal: protect our nation’s valuable information from our adversaries.