Cybersecurity experts say Sean Cairncross faces a litany of key tasks as the White House’s new national cyber director, including championing the reauthorization of a key information sharing law and grappling with China-linked hacks into U.S. critical infrastructure networks.
The Senate voted 59-35 to confirm Cairncross’s nomination on Saturday. He’s now the third Senate-confirmed national cyber director since Congress established the position in 2021.
“As the cyber strategic environment continues to evolve, we must ensure our policy efforts and capabilities deliver results for our national security and the American people,” Cairncross said in a statement provided by the White House after the Senate voted to confirm him. “The United States must dominate the cyber domain through strong collaboration across departments and agencies, as well as private industry. Under President Trump’s leadership, we will enter a new era of effective cybersecurity policy.”
Cairncross served as a senior advisor to the White House chief of staff during President Donald Trump’s first term. He also previously served as CEO of the Millennium Challenge Corporation and as chief operating officer for the Republican National Committee.
As national cyber director, he’ll be responsible for serving as the president’s principal cybersecurity advisor and for coordinating cyber policy across government.
In the near term, cyber experts expect Cairncross will play a key role in championing the reauthorization of the Cybersecurity Information Sharing Act of 2015. The law facilitates the sharing of cyber threat data between government and industry. It expires on Sept. 30.
“It seems to be the one law pretty much everyone agrees with, but we need to make sure that there is a champion pulling it over the goal line,” Frank Cilluffo, director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security, said in an interview.
In a statement applauding his confirmation, House Homeland Security Chairman Andrew Garbarino (R-New York) said Cairncross’s “experience in both the public and private sectors and his support for reauthorizing the Cybersecurity Information Sharing Act of 2015 gives me full confidence in his leadership, which comes at a pivotal moment for both the office’s role as the president’s cyber policy advisor and for responding to increasingly sophisticated cyber threats.”
Garbarino also said he’ll speak with Cairncross about the importance of the Department of Homeland Security’s State and Local Cybersecurity Grant program. DHS made more than $100 million in cyber grant funding on Aug. 1, after the Trump administration’s broader federal spending freeze raised some questions about the future of the program.
Cairncross is entering the White House’s top cyber job amid deep concerns about China-linked hacks of U.S. critical infrastructure, including “Salt Typhoon” and “Volt Typhoon.” Cilluffo said Cairncross could help crystallize the government’s response to incidents like the Typhoon intrusions.
“You have real world examples that demand playbooks and responses where we’re not coming at each one in a piecemeal kind of approach and trying to figure out, how we respond immediately,” Cilluffo said. “So looking at immediate damage assessments, consequences, impact and how do you interact with the agencies that all play a significant role.”
Multiple experts also pointed to the need for the Office of the National Cyber Director to coordinate and strengthen the various Sector Risk Management Agencies that oversee critical infrastructure sectors. For instance, the Treasury Department is the SRMA for the financial sector.
“Many are woefully underfunded and not prioritizing this important public-private collaboration supporting mission,” Mark Montgomery, executive director of the Cyberspace Solarium Commission 2.0, told Federal News Network.
But the Office of the National Cyber Director, at just four years old, remains a relatively new organization within the federal government. Despite its statutory authorities, the office’s influence on the rest of the federal government has remained an open question.
“The ONCD is still a young agency and needs to get itself properly organized, staffed, and situated within the White House decision making structure, and grow its ligature to the rest of the interagency,” Montgomery said.
One of the top tasks for Cairncross will be “effectively organizing and leading the government’s public-private collaboration,” Montgomery said.
“This includes ensuring that the most systemically critical assets are identified and prioritized for support,” he said, adding that the effort could require updating a national security memorandum on critical infrastructure security signed by former President Joe Biden last year.
ONCD could also focus on updating the government’s cyber incident response plan and addressing “continuity of the economy” planning for a large-scale cyber attack, Montgomery added.
Under the Biden administration, ONCD also carved out key roles leading cross-government initiatives such as regulatory harmonization. AJ Grotto, former senior White House director for cybersecurity policy, said more closely aligning different cyber regulations should continue to be a priority for Cairncross.
“For good reason, more and more agencies are using their existing authorities to set regulatory requirements for organizations within their jurisdiction,” Grotto said. “Recognizing that perfect harmonization is not possible because different sectors may have different needs, different requirements, different sort of risk profiles. The greater the harmonization, the better.”
Biden’s ONCD also led a national cyber workforce strategy. One of the goals of the initiative was to boost recruitment and retention of government cyber talent.
Under Trump, however, the federal cyber workforce, such as the Cybersecurity and Infrastructure Security Agency, has faced cuts amid broader reorganizations. Many younger cyber and IT workers were let go as part of governmentwide probationary firings.
Grotto said Cairncross could help reinject some excitement into the prospect of a federal cyber job.
“It’s going to take real leadership to make the federal government an attractive and exciting place to work for young people who care about national security, care about national cybersecurity, and also have the skills needed to answer the call,” Grotto said. “When you treat people the way that this administration has treated people, it’s just not a recipe for getting people excited about working in government.”
Copyright
© 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
