President Biden said Monday he will tap Jen Easterly, who served as cyber policy lead for his transition team, to head the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

If confirmed by the Senate, Easterly will replace acting director Brandon Wales, who took over at CISA last November when President Donald Trump fired founding director Chris Krebs via tweet. (See After Contradicting Trump, Krebs Out at CISA.) Krebs provoked Trump’s ire for refusing to back up the unfounded claims of electoral fraud pushed by the president and his allies to discredit Biden’s victory in the 2020 election.

Deputy Director Matthew Travis reportedly was also pressured to resign by the Trump White House, leaving Wales, a career civil servant who could not be removed without cause, to lead the agency. Bryan Ware, CISA’s assistant director for cybersecurity, resigned in November as well, reportedly at Trump’s request; his deputy, Matt Hartman, filled the role until Biden named Ware’s permanent replacement, Eric Goldstein, in February.

Agency Active Despite Leadership Vacancies

CISA was launched in 2018 to “coordinate security and resilience efforts using trusted partnerships across the private and public sectors, and deliver technical assistance and assessments to federal stakeholders as well as to infrastructure owners and operators nationwide.” Under Krebs’ leadership the agency undertook energetic outreach to bring together critical infrastructure sectors, including the oil and gas industries, with government entities such as regulators and intelligence agencies.

Since last year the agency has been heavily engaged in mitigating the breach of SolarWinds’ Orion network management platform, which came to light shortly after Krebs left but is believed by researchers to have begun as early as March 2020. (See House Energy Committee Requests SolarWinds Update from Agencies.)

More than 18,000 public- and private-sector organizations, including the Department of Energy and FERC, are known to have downloaded the infected Orion software. CISA warned in an emergency directive that the hackers, believed to be Russian, are likely “in a strong position to identify any potential (and as yet unknown) vulnerabilities” in the Orion code that could be exploited in the future.

Earlier this year, Joseph McClelland, director of FERC’s Office of Energy Infrastructure Security, warned that large-scale replacement of affected computer systems “may be the only option” to ensure there are “no footholds left for an adversary to drill into.” (See SolarWinds Recovery May Require Extreme Actions.)

Easterly brings several decades of cybersecurity experience to CISA. Along with her work on the Biden transition, she heads the Fusion Resilience Center at Morgan Stanley, with the responsibility of “ensuring preparedness and response to operational risks to the firm.” She has been with the firm since 2017, when she joined to build the Cybersecurity Fusion Center.

Prior to entering the private sector, Easterly spent more than 20 years on intelligence and cyber operations for the U.S. Army, serving tours of duty in Haiti, the Balkans, Iraq and Afghanistan and helping create the United States Cyber Command. While in the Army she put in a stint as executive assistant to then-National Security Advisor Condoleezza Rice and her deputy Steve Hadley. After retiring from the military, she joined the National Security Agency and then returned to the White House, spending three years as a special assistant to President Obama and senior director for counterterrorism on the National Security Council.

Inglis Tapped for Cyber Director Seat

Also Monday, Biden announced plans to nominate Chris Inglis, a former NSA deputy director and retired Air Force brigadier general, as national cyber director in the Executive Office of the President.

In addition to serving in the Department of Defense and NSA for 41 years, Inglis is a member of the Cyberspace Solarium Commission, a bipartisan group of members of Congress, former government officials and industry representatives formed in 2019 to recommend improvements to U.S. cybersecurity strategy. (See Solarium Team Urges Long-term Cybersecurity Focus.) The commission’s report, issued last year, urged federal officials to adopt a strategy of “layered cyber deterrence,” achieved by:

• working with allies and partners to promote responsible behavior in cyberspace;
• securing critical networks so that attackers who gain entry cannot cause damage; and
• maintaining the ability to retaliate against actors targeting the U.S.

“If confirmed, Chris and Jen will add deep expertise, experience and leadership to our world-class cyber team,” National Security Advisor Jake Sullivan said in a statement. “I’m proud of what we are building across the U.S. government when it comes to cyber. We are determined to protect America’s networks and to meet the growing challenge posed by our adversaries in cyberspace — and this is the team to do it.”