Lawmakers recently gave CISA with new authorities, including the ability to proactively hunt for intrusions on other agencies’ networks, and Congress is considering an even bigger expansion of its mission in a bill mandating that companies report cyberattacks to the government.
It will be up to Easterly to determine how to triage CISA’s resources between its various missions, implement new congressional mandates and reassure worried staffers. She will also need to oversee the agency’s ambitious transformation of its federal security efforts in the wake of the SolarWinds compromises. CISA has committed to improving its intrusion-detection systems by deploying more sensors inside other agencies’ networks and developing better analytical capabilities.
Easterly will also have to raise CISA’s public profile and reinforce its reputation as a trusted partner. Many companies are reluctant to share data with CISA after being hacked, fearing public exposure or regulatory headaches. The Colonial incident highlighted these problems — the pipeline operator called the FBI rather than CISA, took several days to share key data with CISA and kept the agency in the dark about basic aspects of the incident, such as the ransom payment that the company made to the hackers.
Digital security experts and former national security officials have said Easterly’s long record of military and intelligence work makes her the person to solve these problems.
At her confirmation hearing, she was introduced by a Republican congressman, Mike Gallagher of Wisconsin, who co-chairs the congressionally chartered Cyberspace Solarium Commission.
“Jen Easterly’s qualifications are well above and beyond those stipulated by the law,” said Gallagher, whose panel’s recommendations for improving CISA have largely been enacted. “Her background is incredible.”
At the NSA, Easterly worked in the elite hacking unit known as Tailored Access Operations, led the Army’s information warfare battalion and served as a cyber adviser to NATO forces in Afghanistan. In 2009, she was one of four officials tasked with establishing U.S. Cyber Command, the military unit that works closely with the NSA to disrupt adversaries’ computer networks. She later spent more than two years as the No. 2 official in the NSA’s counterterrorism division, followed by three years as a special assistant to the president and senior director for counterterrorism at the National Security Council under former President Barack Obama.
In her most recent role, as head of resilience for Morgan Stanley, Easterly witnessed firsthand how U.S. businesses have dealt with an increasing barrage of cyberattacks. The connections and experience that she developed working for the financial services giant may aid Easterly as she takes the helm of CISA.
Despite being an uncontroversial nominee, Easterly had a slightly bumpy path to confirmation.
Senate Democrats tried on June 23 to confirm Easterly by unanimous consent, but Sen. Rick Scott (R-Fla.) objected, fulfilling an earlier promise to place holds on all of Biden’s DHS nominees until the president visited the U.S.–Mexico border.
Scott released his hold after Vice President Kamala Harris visited the border on June 25.