Experts Torn on Proper Role of National Cyber Director

Former officials say someone needs to coordinate government entities but weighed pros and cons to the position being located within the National Security Council.

Former Cybersecurity and Infrastructure Security Agency Director Christopher Krebs is breaking with lawmakers and other cybersecurity professionals who are pushing the Biden administration to identify a national cyber director.

The position was created by a provision of the National Defense Authorization Act for fiscal 2021, but the administration has yet to name an individual to the post, which would operate with a staff of about 70 personnel within the Executive Office of the President but outside of the National Security Council. The national cyber director would advise the president and the NSC while engaging with Congress and the private sector.

“There are some things that structurally the National Security Council is not really well set up to do, and two of them, in particular, are interacting with the private sector and interacting with Congress, which is actually something that you very much need to be doing in cybersecurity policy,” Michael Daniel, president and CEO of the Cyber Threat Alliance, said at a Center for Strategic and International Studies event Wednesday.

Daniel, who served as cybersecurity coordinator within the NSC during the Obama administration, said, “That's why I think that actually having a national cyber director that is [an] office within the broader Executive Office of the President, so those set of agencies that directly support the White House, is critically important.”

Former President Donald Trump’s national security director eliminated the cybersecurity coordinator role within the NSC in 2018. The national cyber director position was conceived as a way to fill the void. The individual would coordinate the cybersecurity roles of various government entities and require Senate confirmation. 

While President Joe Biden has not filled the national cyber director position, he did appoint Anne Neuberger to be deputy national security advisor for cyber and emerging technology—a position within the National Security Council. She was serving as cybersecurity director for the National Security Agency under Trump.

Neuberger now coordinates the government’s response to major recent hacks, including developing an impending executive order and engaging the private sector in what the administration touted as a first for the NSC that will continue as appropriate.  

During the CSIS event, Krebs agreed someone needs to oversee the budgets and implementation of a cybersecurity strategy across various federal agencies. But he suggested being outside the National Security Council might make it difficult to align offensive and defensive activities across the military and civilian parts of the government. 

“Someone, to Michael's point, has to be running some sort of god's-eye view over cybersecurity operations within the federal government, whether its intelligence community, military operations, law enforcement, defensive and civilian side, someone has to have a, you know, as a daily job that sort of coordination,” Krebs said. “I think that's probably better suited for the National Security Council, but nonetheless that, that's got to be a clear mission set for someone right now.”

In recent tweets, Krebs said that while there’s still a role for the national cyber director, Neuberger’s appointment “addressed many of the concerns that prompted the creation of the NCD.” 

Krebs was more immediately concerned about the administration naming a permanent director of CISA and endorsed acting Director Brandon Wales for the role.