Getting inside the first national cyber director’s head | #cybersecurity | #cyberattack | #education | #technology | #infosec


With help from Eric Geller

In an exclusive interview, National Cyber Director Chris Inglis details his priorities and the pushback his office has received to recent cyber regulations.

Government officials and researchers’ comments following a recent cyberattack on Ukraine gives some clues about what exact cyber threats government officials are worried about in the Ukraine-Russia conflict.

On the docket in the House this week: Securing pipelines, elections and government tech acquisitions.

HAPPY TUESDAY, and welcome back to Morning Cybersecurity! I’m your host, Sam Sabin. If I’ve learned anything in my time on the beat, it’s that there’s nothing like a long holiday weekend that really riles up hackers.

Have tips and secrets to share with MC? Or thoughts on what we should track down next? Send what you’ve got to [email protected]. Follow along at @POLITICOPro and @MorningCybersec. (Full team contact info below.) Let’s get to it:

EXCLUSIVE: INGLIS PREVIEWS HIS PLANS — As National Cyber Director Chris Inglis works to prove the value of his new office, he’s targeting monitoring digital security of new federal infrastructure projects, supporting the resilience of open-source software and helping to improve Americans’ cyber literacy, as Eric reports in an exclusive interview published this morning for Pros.

Inglis also shares new details with Eric about how he’s setting up his office, describes his conversations with federal cyber leaders and laid out the challenges that come with balancing crisis response with long-term security improvements.

As a bonus for MC readers, here are a few interview excerpts that didn’t make it into the story:

EG: What’s your response to industry groups and Republican lawmakers who say the administration is moving too fast and too heavy-handedly with its cybersecurity regulations?

Inglis: The feedback we’re getting, from my view, isn’t so much that it’s heavy handed, but that the consultation has not been broad and deep and rich enough. We need to address that.

The questions that are often asked are … “Do we understand what it is we’re trying to do? Do we know who the beneficiaries are? Are the benefits worth the burdens?” Those are reasonable questions and we need to answer them.

EG: GAO recently issued a report on the federal response to the SolarWinds and Microsoft Exchange incidents. One of its findings was that agencies didn’t have enough visibility into what was happening on their networks. Are we making progress on solving that problem?

Inglis: I think we are. I think there’s a lot more work to be done.

We need to make sure that we don’t simply have information about each and every one of these lines of effort, but that we’re able to synthesize that broadly across the larger enterprise, such that the experience of one can profit anyone else within that enterprise.

EG: Which of the Cyberspace Solarium Commission recommendations requiring executive action do you think stand the best chance of implementation in the near future?

Inglis: Creating a Joint Cyber Environment, the architecture that can contain this unstructured, disparate data, and perhaps formalizing or structuring our approach to systemically [important] critical infrastructure.

EG: You’ve said that you plan to release a formal strategy document that will expand on your vision statement and describe the office’s plans in greater detail. What can the American people expect to see from your office along those lines?

Inglis: We will characterize what the various roles and responsibilities are at the White House of the cyber leadership. We’re working our way through now how … to describe with greater fidelity the role of the National Cyber Director in the context of the National Security Council. I think you’ll see that in the near term measured in — perhaps, months.


Source link