The Federal CISO and the agency information security officers who make up the CISO Council can serve as a resource to incoming National Cyber Director Chris Inglis on how cyber policies will work in the government space, according to Grant Schneider, a former Federal CISO and National Security Council leader.
“While the Federal CISO job is a policy job, the CISO Council is made up of operational folks. The agency CISOs have some amount of internal policy role but they almost all have a very tactical, operational security focused role,” Schneider told Inside Cybersecurity. Schneider left government last August to join Venable.
President Biden announced his intent to nominate Inglis, a Cyberspace Solarium Commission member and former NSA deputy director, to become the first NCD last week. Biden chose Chris DeRusha to become federal CISO on Jan. 27.
“The National Cyber Director has a great opportunity to leverage Chris as the Federal CISO to determine how policies look when they get implemented,” Schneider said. DeRusha and the CISO Council could help “to create a demand cycle” and determine “the areas where more policy would be helpful and more normalization would be helpful,” Schneider said, “and at the same time have a hand in how to craft them because they know what is going to work well at the implementation level.”
Schneider praised DeRusha’s experience working in Michigan as state CISO and at the Department of Homeland Security.
“I worked with Chris in the past and respect him,” Schneider said, adding “has all the chops” that he needs to be successful. DeRusha’s experience working for the Biden campaign is also “a helpful thing because he knows the people that are in the inner circle and being able to have influence there will be helpful for him going forward,” Schneider said.
“If I were Chris [DeRusha] my biggest question would be to figuring out how, I interact and relate to the National Cyber Director and what that relationship is going to look like,” Schneider said.
When it comes to the Cybersecurity and Infrastructure Security Agency, Schneider said there needs to be a “strong partnership” among CISA, DeRusha and NCD nominee Inglis.
Schneider said, “They need a really strategic, tight knight strategic alignment,” with an operational role for CISA and reporting or oversight from the NCD. Schneider said the federal CISO should have “oversight with respect to federal civilian cybersecurity.” -- Sara Friedman (email@example.com)