During the rollout event of the Cyberspace Solarium Commission report, sitting at opposite ends of the same row were two top cybersecurity officials, Christopher Krebs and Gen. Paul Nakasone.
Krebs directs the more-defensive Cybersecurity and Infrastructure Security Agency (CISA), under the Department of Homeland Security, while Nakasone serves in two roles for the Department of Defense, leading the more-offensive U.S. Cyber Command and serving as the director of the National Security Agency. Commissioners praised the work of both men, but critiqued the country’s overall cyber strategy, calling for the creation of a National Cyber Director in the Executive Office of the President to coordinate the nation’s path.
“We didn’t think that we needed to invent a new agency when we got one [CISA] that’s working,” said Solarium co-chair, Sen. Angus King, I-Maine, “but we did think that there was something missing and that was leadership from the top.”
The National Cyber Director would be the president’s principal adviser on cyber with the ability to convene the Cabinet or National Security Council.
Likening the position to “a head coach,” Commissioner Frank Cilluffo, director of the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University, said the director can drive the defensive coordinator’s and the offensive coordinator’s plans.
“Nobody would design the structure we have now from scratch,” said Sen. Ben Sasse, R-Neb., who served on the commission. “The National Cyber Director is one way to say we need more urgency about coordinating.”
Commission co-chair, Rep. Mike Gallagher, R-Wis., said whether the position should be Senate-confirmed was debated in at least three meetings.
“Everyone agreed that the status quo was not sufficient,” said Gallagher, but not all commissioners agreed on the final proposal.
The proposed Senate-confirmed position would expand the authority of the cybersecurity coordinator role eliminated in 2018 by former National Security Advisor John Bolton. Modeled after the position of U.S. Trade Representative, the National Cyber Director would be supported by a concurrently formed Office of the National Cyber Director of approximately 50 people.
When asked whether the current White House would be open to the position, Gallagher said “I don’t know,” adding that National Security Advisor Robert O’Brien and deputy National Security Advisor Matthew Pottinger are “open to having that conversation.”
“We’ll have to make a case on the merits,” said Gallagher. “We hope to be able to win them over to our view of the world.”
King, too, was hopeful the position would be met with receptivity from the president.
“If there is a cyber issue,” said King, “it is a favor to the president to have a person there who has the oversight of the whole structure of the Federal government.”
“Structure is policy,” he said. “If you have a messy, confusing, incoherent structure, you’re going to have messy, incoherent policy.”
Having legislation passed by Congress to create the position would not be easy, King said. But it would be “part of developing a structure that make sense.”