US Senate Approves Jen Easterly as CISA DirectorAfter Weeks of Delays, Easterly's Nomination Unanimously Approved by Voice Vote
The Senate unanimously approved Jen Easterly to serve as director of the U.S. Cybersecurity and Infrastructure Security Agency via a Monday voice vote following weeks of delays and political infighting.
See Also: Case Study: The Road to Zero Trust
CISA has been without a Senate-approved director since November 2020, when former President Donald Trump fired Christopher Krebs following the U.S. presidential election. Since that time, the cybersecurity agency has been led by Brandon Wales in an acting capacity.
While Easterly's nomination was approved in June by the Senate Homeland Security and Governmental Affairs Committee, which has oversight over CISA, the final vote was delayed by Sen. Rick Scott, R-Fla., who threatened to hold up a number of the administration's nominees in the Department of Homeland Security until President Joe Biden or Vice President Kamala Harris visited the U.S.-Mexico border to address immigration issues.
In June, Harris paid a visit to the border, and Scott then removed his hold on Easterly and other Homeland Security nominees, according to The Hill.
Warnings Over Ransomware
The Senate's delay in confirming Easterly as CISA director coincided with yet another ransomware attack that disrupted U.S. businesses. On July 2, a cybercriminal gang called REvil - aka Sodinokibi - exploited vulnerabilities in remote management software developed by Miami-based Kaseya to attack managed service provider customers and their clients (see: Kaseya Says Software Fully Patched After Ransomware Attack).
By exploiting the vulnerabilities, the REvil-wielding attackers were able to push their ransomware executable file - instead of legitimate files or updates - to about 60 of Kaseya's MSP customers, allowing them to then attack up to 1,500 of those organizations' clients, which included many small businesses (see: Ransomware Landscape: REvil Is One of Many Operators).
Speaking on the Senate floor before Monday's vote, Sen. Gary Peters, D-Mich., who is the chairman of the Homeland Security Committee, noted that this latest ransomware attack happened during the two weeks while Easterly's nomination was held up.
"I warned that without confirming Ms. Easterly, we risked leaving ourselves vulnerable to cyberattacks, and in the two weeks since I last called on my colleagues to approve this critical nomination, nation-state actors and criminal organizations have continued their relentless targeting of the United States," Peters said, according to C-SPAN.
At least some parts of REvil, which operates as a ransomware-as-a-service operation, are believed to be based inside Russia. On Friday, Biden again warned Russian President Vladimir Putin that unless Moscow cracks down on these cybercriminal organizations, the White House reserved the right to take action.
Also on Monday, John "Chris" Inglis was officially sworn in as national cyber director, according to The Hill. His nomination was approved by the Senate on June 17.
Easterly's Cyber Background
Easterly retired as an Army intelligence officer in 2011 and was then named as deputy for counterterrorism at the National Security Agency. She later served on President Obama's National Security Council staff. After leaving the government, Easterly worked as Morgan Stanley's head of firm resilience and oversaw the company's fusion resilience center.
While in the Army, Easterly worked with Gen. Keith Alexander, who was then director of the NSA, to help establish U.S. Cyber Command. She also worked with Paul Nakasone, who is now a four-star general and the head of both Cyber Command and the NSA.
Both before and after Easterly's nomination for CISA director was approved by the Senate, she earned praise from several cybersecurity analysts and industry watchers, including Dmitri Alperovitch, chairman of the Silverado Policy Accelerator and the former CTO of CrowdStrike, who tweeted his support on Monday.
Christopher Krebs also voiced support for his CISA-directing successor, calling her "the perfect leader for an increasingly important agency."
Congrats to Jen Easterly on her confirmation as the next @CISAgov Director. The perfect leader for an increasingly important agency. Bravo to Brandon Wales to leading the agency the last 8 months. Excited to watch this team continue to do great things. #DefendTodaySecureTomorrow https://t.co/RNHLPlfYvB— Chris Krebs (@C_C_Krebs) July 12, 2021
Secretary of Homeland Security Alejandro Mayorkas on Monday said in a statement that Easterly "is a brilliant cybersecurity expert and a proven leader with a career spanning military service, civil service, and the private sector."
Easterly is the third NSA veteran to join the Biden administration to oversee the nation's cybersecurity response and policies.
The new national cyber director, Chris Inglis, worked at the agency for 28 years before he retired in 2014. Anne Neuberger also worked at the NSA before joining the National Security Council to oversee cyber and emerging technology at the White House.