Fraud Management & Cybercrime , Fraud Risk Management , Governance & Risk Management
National Cyber Director Chris Inglis Focusing on Resiliency
Battling Ransomware, Public/Private Collaboration Also Are PrioritiesJohn "Chris" Inglis says one of his first priorities as national cyber director within the White House is focusing on issues of cyber resiliency.
See Also: The Healthcare CISO’s Guide to Medical IoT Security
Speaking at the CyberScape National Security conference on Thursday, Inglis noted that battling ransomware and coordinating government responses with the private sector are also top issues he's tackling.
"The national cyber director is going to be accountable for present and future resilience," Inglis told the audience. "That's a somewhat subtle term. But what we mean by that is that we have to take a hard look not just at the technology, but also as to whether people are prepared to play their role in cyberspace, and whether the roles and responsibilities are well defined. … How do we get ready for that future? And we need to make sure that we're making the [right] investments."
The U.S. government in recent years has been struggling with the issue of building resilient systems that can withstand a cyber incident and continue to perform essential functions. Earlier this month, the U.S. National Institute of Standards and Technology released a draft of an updated publication that addresses how to build resilient systems (see: NIST Guidance Focuses on Creating 'Cyber Resiliency').
As one way to support building these types of resilient systems, Inglis pointed to the $1 billion IT modernization grant program for federal agencies, which will be overseen by the General Services Administration and the Office of Management and Budget. The role of the national cyber director is to help ensure that the money is used to address appropriate security issues, Inglis said.
"We'll follow that money to ensure that it is applied for the purposes intended and help those agencies and departments stay the course - then follow our mandate to report to the Congress how that money has been expended."
Ransomware Battle
Inglis is one of three U.S. National Security Agency veterans that the Biden administration is relying on to address a range of cybersecurity issues, from nation-state cyberespionage attacks, such as SolarWinds, to ransomware attacks that threaten critical infrastructure, such as the May incident targeting Colonial Pipeline Co.
Inglis, who served as deputy director of the NSA, is working with Anne Neuberger, the deputy national security adviser for cyber and emerging technology, and CISA Director Jen Easterly - both of whom also worked at the NSA - to coordinate the administration's cybersecurity policies.
During Thursday's talk, Inglis noted that the lack of coordination between private companies and government agencies in responding to ransomware and other threats leaves too many openings for cybercriminals to exploit.
"We're not joined up in a way that forces adversaries into a position that in order to beat one of us, they have to beat all of us," Inglis said. "We're not aligning actions and consequences where there are rewards for good behavior and there should be penalties for bad behavior. When you add all those up, it creates situations where aggressors, whether they are criminals or nation-states, can take advantage of us because they find the seeds of weakness."
Inglis said one of his most important roles as national cyber director is to help ensure collaboration so that these gaps are addressed.
Staffing
While working on strategic cybersecurity issues, Inglis is also attempting to build up new staff with a limited budget. The national cyber director's office has a temporary budget of $250,000 provided by the White House, which only allows for the hiring of a limited staff, Inglis noted.
Earlier this month, the U.S. Senate passed the $1 trillion Infrastructure Investment and Jobs Act, which includes $21 million for the national cyber director's office. The House is expected to take up the bill next week (see: Senate Passes Infrastructure Bill Boosting Cyber Funding).
Eventually, Inglis envisions having a staff of about 75, but he acknowledged that his office will also have to rely on building relationships with other agencies and private businesses.
"Much of what we will do is not going to be done so much with resources that we literally own, but rather in partnership, or helping to champion or leverage relationships that we have elsewhere," Inglis said.
The creation of the national cyber director's office has been hailed by the Cyberspace Solarium Commission, which recommended it, as a major step toward improving the nation's cybersecurity. Some lawmakers in both parties, however, have asked for more clarity about how all the various cyber leadership roles will work together (see: Lawmakers Want Federal Cybersecurity Leaders' Roles Clarified).