July 12, 2021
The Senate on Monday confirmed Jen Easterly to lead the Cybersecurity and Infrastructure Security Agency, filling an eight-month leadership void at the top of an agency struggling to address widespread digital weaknesses inside the government and across the country.
Lawmakers unanimously installed Easterly, a former senior NSA and White House counterterrorism and cyber official, as the second person to officially lead CISA, a roughly 2,500-person DHS agency responsible for protecting federal networks and offering security advice to critical infrastructure operators, small businesses and local governments.
Easterly will face a complex suite of problems in her new post. CISA, formed in 2018 from DHS’ cyber wing, is struggling to fulfill its vast mission of defending the country’s physical and digital infrastructure. It has had trouble mustering enough personnel and resources to comprehensively monitor federal computer systems and conduct regular security inspections of vital infrastructure facilities, and recent legislation has given it new responsibilities. Meanwhile, high-profile cyberattacks — including the SolarWinds espionage campaign and the Colonial Pipeline, JBS and Kaseya ransomware attacks — have placed significant strain on the agency, prompting calls for major increases in its budget.
Lawmakers recently gave CISA with new authorities, including the ability to proactively hunt for intrusions on other agencies’ networks, and Congress is considering an even bigger expansion of its mission in a bill mandating that companies report cyberattacks to the government.
It will be up to Easterly to determine how to triage CISA’s resources between its various missions, implement new congressional mandates and reassure worried staffers. She will also need to oversee the agency’s ambitious transformation of its federal security efforts in the wake of the SolarWinds compromises. CISA has committed to improving its intrusion-detection systems by deploying more sensors inside other agencies’ networks and developing better analytical capabilities.
Easterly will also have to raise CISA’s public profile and reinforce its reputation as a trusted partner. Many companies are reluctant to share data with CISA after being hacked, fearing public exposure or regulatory headaches. The Colonial incident highlighted these problems — the pipeline operator called the FBI rather than CISA, took several days to share key data with CISA and kept the agency in the dark about basic aspects of the incident, such as the ransom payment that the company made to the hackers.
Digital security experts and former national security officials have said Easterly’s long record of military and intelligence work makes her the person to solve these problems.
At her confirmation hearing, she was introduced by a Republican congressman, Mike Gallagher of Wisconsin, who co-chairs the congressionally chartered Cyberspace Solarium Commission.
“Jen Easterly’s qualifications are well above and beyond those stipulated by the law,” said Gallagher, whose panel’s recommendations for improving CISA have largely been enacted. “Her background is incredible.”
At the NSA, Easterly worked in the elite hacking unit known as Tailored Access Operations, led the Army’s information warfare battalion and served as a cyber adviser to NATO forces in Afghanistan. In 2009, she was one of four officials tasked with establishing U.S. Cyber Command, the military unit that works closely with the NSA to disrupt adversaries’ computer networks. She later spent more than two years as the No. 2 official in the NSA’s counterterrorism division, followed by three years as a special assistant to the president and senior director for counterterrorism at the National Security Council under former President Barack Obama.
In her most recent role, as head of resilience for Morgan Stanley, Easterly witnessed firsthand how U.S. businesses have dealt with an increasing barrage of cyberattacks. The connections and experience that she developed working for the financial services giant may aid Easterly as she takes the helm of CISA.
Despite being an uncontroversial nominee, Easterly had a slightly bumpy path to confirmation.
Senate Democrats tried on June 23 to confirm Easterly by unanimous consent, but Sen. Rick Scott (R-Fla.) objected, fulfilling an earlier promise to place holds on all of Biden’s DHS nominees until the president visited the U.S.–Mexico border.
Scott released his hold after Vice President Kamala Harris visited the border on June 25.