Biden is expected to appoint Eric Goldstein, another DHS veteran, to head CISA’s cybersecurity division who, according to someone familiar with the matter, holds one of the most important mid-level roles within the agency.
All three officials will play a key role in Biden weighing how his government will respond to SolarWinds’ cyber espionage campaign, a large series of cyberattacks that hackers believed to have come from Russian foreign intelligence agencies an immense number of federal agencies Governments and private companies have compromised at the state and local level.
“All three have extensive cybersecurity experience,” said Michael Daniel, who served as President Barack Obama’s cybersecurity coordinator, to POLITICO when asked for his thoughts on the three candidates. “They bring a lot of skill into the administration and I think they would be strong players.”
Easterly, the resilience director at Morgan Stanley, served as the NSA’s associate director of counter-terrorism from 2011-2013 before moving to Obama’s NSC, where she served as special assistant to the president and senior director, counter-terrorism. She was instrumental in establishing the US military’s cyber command during the Obama years.
More recently, she advised Biden’s transition team on setting up the Cyber Director Office, which she is now to lead. Congress created the Office of the National Cyber Director in the President’s Executive Office in the latest Defense Policy Bill.
Silvers, a partner at Paul Hastings, was Obama’s deputy cyber policy secretary for DHS last year of the presidency after serving two years as the department’s deputy chief of staff. He was co-head of the CISA division of Biden’s DHS transition team.
Goldstein, Goldman Sachs Vice President and Head of Cybersecurity Policy, spent four years with CISA’s predecessor, DHS’s National Directorate of Protection and Programs, during the Obama administration. In the first half of 2017, he headed the public engagement department of the cyber department. During the transition, he served on Biden’s DHS review team as part of the CISA division.
Reuters reported first that Easterly and Silvers were the leading candidates for their work while CyberScoop reported first Goldstein’s expected nomination. At Easter, Silvers, Goldstein, and the White House did not respond to requests for comment.
“With these appointments, the Biden administration is clearly committed to cybersecurity and protecting US infrastructure,” said Anthony Ferrante, former NSC director of cyber incident response and chief of staff for the FBI Cyber Division. “He is building a strong and diverse team with an in-depth understanding of cyber crime, resilience, and investigations.”
Define a new role
If confirmed by the Senate, Easterly will be instrumental in defining the structure and purpose of the amorphous new office for cyber directors. The position, the marquee recommendation of the Congress-chartered Cyberspace Solarium Commission, is essentially an upgrade to the National Security Council’s cyber coordinator post that former President Donald Trump eliminated in 2018.
Running the new office would give Easterly the opportunity to shape the government’s cyber operations that will outlast their tenure.
While many experts have advocated the idea of a cyber office in the White House to increase the relevance and proximity of the subject to the President, important questions arise about his activities and authority remain unanswered. How Easterly handles the job will help answer these questions and set a precedent for all of her successors. With a broad but untested mandate, it will be up to Easterly to determine whether her position will become influential or obsolete.
Easterly will bring an important benefit to the work of the national cyber director: an earlier collaboration with Anne Neuberger, the NSA officer who has appointed Biden to the new position of assistant national cybersecurity advisor.
Neuberger and Easterly were both members of the Cyber Command implementation team from 2009 to 2010, then a subordinate unit of the US Strategic Command. They were instrumental in defining the structure and operational mindset of the unit that became a full combat command in 2017.
After Easterly and Neuberger helped create Cyber Command, they rose together. From 2011 to 2013, Easterly was the NSA’s second largest anti-terrorism officer, while Neuberger served as special assistant to then-NSA director General Keith Alexander.
It remains unclear how the White House will delimit responsibilities between Neuberger and Easterly.
Congress intended Easterly’s new role to oversee US cyber defense and the protection of state and civil networks. Neuberger has experience with both offensive and defensive work by the NSA, but their most recent work was on the defensive side and her new position remains vague.
Biden could hire Neuberger to oversee offensive cyber operations and the collection of cyber information in order to avoid redundancy problems or conflicts with Easterly.
Guiding CISA through the post-cancer era
As CISA director, Silvers would replace Chris Krebs, whom Trump fired in November for publicly debunking his conspiracy theories about the election.
Silvers will oversee the growth and maturation of the country’s newest agency, established in late 2018 to replace the DHS division that helped protect ports, hospitals and power plants from cyberattacks and dirty bombs. With approximately 2,200 employees, CISA is responsible for everything from helping state and local governments block ransomware attacks to helping schools plan mass shootings.
Silvers will make an important contribution to the work of the CISA director: an already close relationship with his new boss, Biden’s DHS secretary Alejandro Mayorkas. From 2013 to 2014, Silvers was Senior Counselor to Mayorkas, while the latter was Assistant Secretary of Homeland Security.
As Assistant Secretary for Cyber Policy, Silvers played a leading role in bridging the sometimes frosty divide between the federal government and key industries. He also helped monitor the DHS’s response to major cyberattacks and data breaches. He “has advanced administrative policy on technology risks ranging from government access to encrypted data to security challenges with intelligent and autonomous systems” his law firm biography.
Silvers will take over an agency that, after a successful run, defended the 2020 elections from cyber interference, but was also hurt by the massive and subtle violation of suspected Russian hackers against federal agencies and Trump’s discharge from cancer.
Krebs, who received bipartisan recognition in leading CISA and its predecessor, set the agency’s first course and helped make it a serious player in the inter-agency debate on digital security threats. Silvers will be responsible for guiding CISA through the second phase of its existence as it seeks to improve the services it already offers while staying one step ahead of emerging threats in areas like 5G, artificial intelligence and nation state hacking.
Silvers’ success at CISA will depend in part on whether Goldstein manages any of the agency’s main divisions.
CISA has been trying to respond to SolarWinds for the past several months, putting the networks of several departments and agencies and many Fortune 500 companies at risk. The 2 year old agency was overwhelmed by the extent of the crisis that has taxed its staff and taxes Occasionally it struggled to provide help on time to other agencies, according to POLITICO and other sales outlets.
CISA’s Cybersecurity Division oversees the defense of civil federal networks, and SolarWinds will test Goldstein’s ability to search its limited staff and resources.
The department manages two programs, EINSTEIN and Continuous Diagnostics and Mitigation, which are designed to block external threats and check internal networks for abnormal behavior. The success of the SolarWinds campaign, in which suspected Russian hackers infected software the government trusted and used command and control servers that were supposed not to trigger alarms, has raised questions about the effectiveness of these two programs.
Goldstein’s previous DHS career may have prepared him well for his new job. Prior to heading the NPPD’s cyber partnerships division, he served as a policy advisor in the board’s Federal Network Resilience division, senior advisor to the head of the NPPD’s cyber department, and senior advisor to the NPPD chief.