The Washington Post: Democracy Dies in Darkness

The Cybersecurity 202: Biden’s cybersecurity team is finally ready to go

with Aaron Schaffer

President Biden’s full slate of top cybersecurity officials is finally ready to get down to work nearly six months into the administration and amid a sea of crises. 

The Senate yesterday unanimously confirmed Jen Easterly to lead the Cybersecurity and Infrastructure Security Agency (CISA) just hours after Sen. Rick Scott (R-Fla.) removed a hold that had kept her and other top Department of Homeland Security nominees from Senate confirmation for weeks. 

Chris Inglis was also sworn in as the nation’s first national cyber director, the most powerful U.S. government position ever created that is devoted solely to managing cyber threats. 

The pair, both longtime veterans of the National Security Agency, are taking the helm amid a fierce standoff between Biden and Russian President Vladimir Putin over criminal ransomware attacks targeting vital U.S. industries and major espionage attacks. 

“Getting Chris and Jen confirmed is critical and just in the nick of time,” Sen. Angus King (I-Maine) told me. King was co-chair of the Cyberspace Solarium Commission, a congressionally led group that pressed for creating Inglis’s position.

“It ups our game considerably in terms of not only the tactics for responding to attacks, but also developing a broader long-range strategy. This is a big day for the country,” King said.

Democrats criticized the long delay in confirming Easterly.

Scott blocked her confirmation and those of other DHS officials until Vice President Harris visited the U.S.-Mexico border. Harris made that trip last month, but the hold lasted through a July Fourth congressional break, during which hundreds of U.S. small businesses were hit in the Kaseya ransomware attack, the largest such attack to date. 

“Before the Senate adjourned for the July Fourth holiday, I stood right here and urged my colleagues to confirm her for this vital position,” Senate Homeland Security Chairman Gary Peters (D-Mich.) said in a speech before the vote. “I warned that without confirming Ms. Easterly, we risked leaving ourselves vulnerable to cyberattacks. And in the two weeks since I last called on my colleagues to approve this critical nomination, nation-state actors and criminal organizations have continued their relentless targeting of the United States.”

House Homeland Security Chairman Bennie G. Thompson (D-Miss.) and Rep. Yvette D. Clarke (D-N.Y.) called it “unfortunate that political games delayed [Easterly’s] confirmation,” but they said they’re “pleased the Senate has finally acted.”

Scott defended his actions last month, saying, “This isn’t about Ms. Easterly, this isn’t about cybersecurity.” Instead, he said, his hold was about “a total lack of accountability when it comes to addressing the border crisis.” 

Yet, the relatively slow pace of approving top cyber officials stands in stark contrast to the growing cyber threat. 

In addition to the Kaseya hack, the government is struggling to recover from the Kremlin’s SolarWinds espionage breach, which compromised hundreds of businesses and numerous government agencies, and a devastating China-linked attack on Microsoft Exchange.

“Historically this isn’t slow,” Ari Schwartz, senior director for cybersecurity in the Obama administration, told me about the confirmation process. “But considering the threats today, it’s too slow. Cybersecurity has to be prioritized the way we prioritize terrorism, and that’s not happening yet.”

The delay has made it tougher to finalize some long-range plans for tackling cyber threats and to get buy-in from other government agencies that are waiting for permanent leaders to take office, people familiar with the matter told me.

Inglis and Easterly are also facing mammoth bureaucratic tasks. 

Inglis will be setting up a new office with up to 75 employees that has never existed before. Even as that happens, officials there will have to begin wrangling government processes for managing cybersecurity, which in many cases has been done piecemeal by government agencies wary of ceding any of their authority. 

“The biggest change is that we’re now in a position to have a coordinated response instead of having 10 different agencies with their own policies and systems,” King told me. “We can now have coordination at the highest levels at the White House, and that’s absolutely critical.”

Easterly, meanwhile, will be running an agency that’s grown during the past several years from being little known outside of Washington to being a key player across the government. 

That transition has also come with a far broader array of responsibilities, including helping ensure the cyber integrity of everything from elections to energy companies. 

“I think we’re miles ahead of where we were a year ago,” King said. “Unfortunately, we’re also under continuing and increasingly sophisticated attacks.”

Chat Room

Here are some Twitter reactions to Easterly’s confirmation.

From Chris Krebs, CISA’s last director:

Megan Stifel, a White House cybersecurity official during the Obama administration:

Rep. Jim Langevin (D-R.I.), a commissioner on the Cyberspace Solarium Commission:

Cristina Goodwin, a top Microsoft cybersecurity leader, wondered whether Easterly will continue Krebs’s “war on pineapple,” a puckish allegory for disinformation campaigns. 

The keys

A federal judge in Michigan rebuked Trump-allied attorneys for not vetting baseless election fraud claims.

Judge Linda V. Parker is deciding whether to punish Sidney Powell and other Trump attorneys for shoddy lawyering while challenging Joe Biden’s victory. 

She grilled the attorneys for much of a five-hour hearing in which they acknowledged not even speaking with many people who made claims about election fraud in Michigan before submitting their claims in affidavits, Rosalind S. Helderman reports.

“I think it’s wrong for an affidavit to be submitted in support if there’s been no kind of minimal vetting,” Parker said.

Parker effectively dismissed the underlying lawsuit in December, which sought to force Gov. Gretchen Whitmer (D) to award the state’s electors to former president Donald Trump despite Biden winning the state.

A Russian-speaking hacking group is back after U.S. Cyber Command and Microsoft tried to take it down in the run-up to the 2020 election.

The group behind the Trickbot malware appears to have updated its malicious software, expanded its operations and plotted forthcoming cyberattacks, the Daily Beast’s Shannon Vavra reports. It’s a striking development for the group, which U.S. Cyber Command temporarily disrupted in the weeks before the 2020 election.

At the time, the group ran a botnet that harnessed the computing power of more than 1 million hijacked devices to launch digital attacks.

Microsoft also went after Trickbot. A judge last year issued an order allowing the company to seize servers used by the botnet. The company sees disruption of the botnet as a “continuing challenge,” according to Amy Hogan-Burney, the general manager of Microsoft’s Digital Crimes Unit.

TikTok owner ByteDance paused plans to sell stock abroad after Chinese regulators raised data security concerns.

The China-based social media giant’s plans to sell shares in Hong Kong or the United States were put on hold in late March after Chinese regulators told the company to focus on data security and other issues, the Wall Street Journal’s Xie Yu and Liza Lin report.

It’s a markedly different strategy and outcome from ride-share giant Didi, which went forward with plans to list itself on the New York Stock Exchange despite regulator warnings. Chinese regulators have ordered Didi apps to be taken off Chinese app stores as they investigate the company’s cybersecurity practices.

ByteDance has also faced scrutiny in the United States, where former president Donald Trump sought to ban it from operating last year on national security grounds.

Securing the ballot

The Republican Party’s top lawyer called election fraud arguments by Trump’s lawyers a ‘joke’ that could mislead millions (Josh Dawsey)

Cyber insecurity

Microsoft discovers SolarWinds zero-day exploited in the wild (The Record)

Professor Says Being Impersonated by Iranian Hackers Was Stressful But Good For Networking (Vice)

Government scan

Energy’s cyber response office misspent millions due to lack of budget management (Nextgov)

Global cyberspace

Russia’s new sat-nav system is high-tech spyware, according to Western intelligence (Newlines Magazine)

Commentary: Pushing Putin Won’t Solve America’s Ransomware Problem (Barrons)


  • A House Appropriations Committee panel discusses Homeland Security appropriations today at 10 a.m.
  • A House Judiciary Committee panel holds a hearing on federal law enforcement agencies’ use of facial recognition technology today at 10 a.m.
  • Defending Digital Campaigns hosts a cybersecurity training event for Oregon campaign and election officials today at 2 p.m.
  • The Silverado Policy Accelerator hosts an event on collaboration between Australia and the United States to counter China today at 5 p.m.
  • Estonian Prime Minister Kaja Kallas discusses international collaboration to secure digital infrastructure at an Atlantic Council event on Wednesday at 2 p.m.
  • The Senate Commerce Committee holds a hearing on supply chain resiliency on Thursday at 10:30 a.m.
  • The Internet Governance Forum USA conference hosts panels on supply chain security and securing the Internet of Things on Thursday at 10:30 a.m. and 12:15 p.m.
  • The House Homeland Security Committee holds a hearing on changes to the Department of Homeland Security to meet today’s threats on Thursday at noon.
