“She's truly an expert and she has experience with management, which I think is key,” said Ari Schwartz, managing director of cybersecurity services at law firm Venable. Schwartz, who has worked with Neuberger in the past, previously served on President Obama's National Security Council. (The position of White House cybersecurity director, who will coordinate government efforts to secure the nation against hacking, is separate and remains unfilled.)
The choice of Neuberger signals that handling fallout from the SolarWinds breach will be a major priority.
“This appointment is a clear indication that the Biden administration is going to take cyber seriously and prioritize a strong offensive strategy,” said Jay Kaplan, chief executive of the cybersecurity firm Synack. Kaplan served in security roles at both the Defense Department and National Security Agency but did not work with Neuberger directly.
“Especially after the SolarWinds hack, it's critical that the U.S. sends a strong message that we won't sit back and continue enduring damaging hacks and breaches,” Kaplan said in an email.
In the new role, Neuberger will have the authority to convene officials from different agencies to strategize an interagency response to cyberthreats. In her more than a decade at the National Security Agency, she interacted with agencies including the Homeland Security, Commerce and Defense departments. She also worked closely with the White House.
“She's been involved with the interagency process for a long time,” Schwartz says. “She'll know the career people and the political people coming in.”
Neuberger's experience working with the private sector could also help clean up the SolarWinds aftermath.
The hack has raised concerns about the channels of communication between the private sector and government — as well as how the government oversees private contractors. Rethinking the government's approach to this relationship will be a key cybersecurity challenge for the Biden administration, experts say.
Before serving as the NSA's first director of cybersecurity, Neuberger led a working group that developed initiatives to build partnerships between the public and private sectors on cybersecurity and related policy issues. As director, she spearheaded the agency's efforts to share cybersecurity threats with the private sector.
Under Neuberger, the NSA publicly disclosed a vulnerability to a software vendor — rather than turn it into a hacking weapon — in a major shift in the agency's approach, as Ellen Nakashima previously reported. Experts described it as a watershed moment in relations between the notoriously secretive agency and the private sector.
“I think she's going to be really good. I think one of the things that's really going to help her in this role is that she has had a fair amount of interaction with the private sector,” says Chris Painter, who was a State Department cyber coordinator under Obama.
Neuberger emphasized the importance of private-sector partners in a recent interview with the New York Times.
“There are some very specific ideas and suggestions we’ve learned from working through SolarWinds with some really strong private-sector partners,” she said.
From Rep. Jim Langevin (R-R.I.):
The NSA's official account:
How Neuberger will work alongside Biden's pick for White House cyber czar leaves some uncertainty.
“I think there's this real open question about how this job is going to work with the new White House cyber director,” Painter says.
The Biden team yet to name a nominee for White House cybersecurity director, a position that Congress will have to confirm. Painter cautioned that nominating a White House cybersecurity director with a similarly offense-heavy background could tip the scales toward that approach.
Megan Stifel, executive director for the Americas at the Global Cyber Alliance nonprofit organization, suggested that someone with a Cybersecurity and Infrastructure Security Agency or Commerce Department background could bring the needed balance of experience to the Biden team. Stifel previously served as director for international cyber policy at the National Security Council.
An NSC position at the deputy level handling cybersecurity is one that government cybersecurity experts have recommended for years. “We haven’t had a real conductor that pulls this together, and I think these two positions will do this to make sure we have a strong response,” Painter said.
Having other seasoned cybersecurity pros in the administration will help. That includes Department of Homeland Security nominee Alejandro Mayorkas, who worked on numerous international cybersecurity agreements as deputy DHS secretary under Obama.
“Many of these folks are familiar with these issues, which is not the case where we were at the beginning of the Trump administration,” Stifel says.
The Senate Intelligence Committee will consider the nomination of Avril Haines for Biden's intelligence director tomorrow.
Haines hearing will be the first in the Senate of the Biden picks, Maggie Miller reports. It comes at a crucial time for the intelligence community as it deals with the fallout of the SolarWinds hack.
Haines formerly served as deputy director of the CIA and a deputy nationals security adviser to Obama. Haines has a strong reputation among career intelligence officials and Democrats, including incoming Senate Intelligence Committee chairman Sen. Mark Warner (D-Va.)
“While I expect that she will face rigorous questioning from Senators on both sides of the aisle, the sooner we can get a confirmed DNI in place to start fixing the damage the last four years have done to our intelligence agencies, the better,” Warner said in a statement in November.
Hearings for other key cyber-related roles including heads of Defense, Homeland Security and State are due to take place next week, Maggie reports.
U.K. Prime Minister Boris Johnson renews calls for caution about Chinese involvement in critical infrastructure.
Britain this summer followed the United States in deeming China-based firm Huawei a national security threat because of the possibility that it could be compelled by the Chinese government to share information on users.
“I think we need to be very vigilant about what’s happening with our critical national infrastructure and about the protection of our data and cyber space, and we are,” Johnson told a parliamentary committee, Williams James at Reuters reports. ”“But I don’t want this country or this government to lurch into a position of sort of unthinking Sinophobia.”
The U.K. government told telecommunications providers in November that it would require them to stop installing telecommunications gear from China-based Huawei by September 2021 and entirely eliminate the company's presence in its 5G communications infrastructure by 2027.