Recently, President Donald Trump nominated Sean Cairncross to be his National Cyber Director, a move that has raised more than a few eyebrows in the cybersecurity space.  Established by Congress in 2021, the Office of the National Cyber Director (ONCD) is a component of the Executive Office and serves as a principal advisor to the president on cybersecurity policy and strategy, with a mission to advance national security, promote economic success, and drive technological innovation.  While an experienced senior level strategic and national security advisor, Cairncross has not held any significant cyber positions eliciting much criticism from Trump’s critics, particularly when compared against his predecessors Chris Inglis and Harold Coker who both had deep experienced backgrounds in cyber matters.  Inglis was instrumental in shaping then President Joe Biden’s cybersecurity strategy, though his tenure was cut short due to apparent conflicts with Anne Neuberger, the deputy national security advisor for cyber and emerging technology at the time.

Currently, the United States finds itself confronted by a Hydra of cyber issues, which is indicative of how important cyber has become, and why a strategic and agile thinker is critical in managing this space.  On his way out, Coker acknowledged that he left his successor a long to-do list, a  reference to the cybersecurity initiatives yet to be completed based on the 2023 National Cybersecurity Strategy.  Additionally, a new ONCD will have to weigh in on discussion of the need for a Cyber Force, and what that would like and how it would operate in the U.S. military.  Then there is the ongoing quagmire of trying to hammer out cyber norms in the United Nation’s Open Ended Working Group on Information and Communication Technologies.  With Trump’s recent repeal of Biden’s Executive Order on Artificial Intelligence (AI), the new ONCD would undoubtedly have considerable contributions to make on AI innovation, development, and regulation.  The ONCD might even have a role to play in giving advice on cyber-related legal matters such as the new bipartisan Cyber Conspiracy Modernization Act that would modify the existing Computer Fraud and Abuse Act to create a specific penalty for conspiracy to commit cyber crimes.

These are just a few examples and do not even include addressing other important issues like managing disinformation/misinformation, putting forth a strategy to adopt zero trust, strengthening critical infrastructure against adversarial cyber operations, and better aligning cybersecurity partnerships between the public and private sectors.  To say that the ONCD position carries a lot of responsibility, especially given the United States’ commitment to being an advanced tech leader in its competition with China. 

Therefore, it’s understanding that Cairncross’ nomination has been met with considerable criticism for his lack of cyber experience, especially at the policy and strategy level – two key responsibilities that the ONCD has undertaken since being created less than five years ago.  One media outlet outright lambasted the nomination underscoring these shortcomings, particularly when comparing Cairncross’ background to Coker’s who spent considerable time at the Central Intelligence Agency and National Security Agency before being elevated to the ONCD.  A review of Cairncross’ resume confirms that his involvement in cyber issues has been tangential at best, and though his senior-level experience is solid, there is little in it that suggests he will excel in cyber, making his nomination a curious choice indeed, at least on the surface.

Perhaps the nomination says more about the new Administration’s plans, selecting an individual with deep experience in the private sector to be the new ONCD, a nod that perhaps the leader of public-private partnerships should come primarily from the private sector.  Still, one would expect if that was the case, a prominent executive from the U.S. tech sector would get the tap on the shoulder.  But that would mean there would have to be trust between the new president and a tech sector leadership that leaned left more and were involved in some instances of suppressing conservative voices.  It’s clear that despite tech warming up to an Administration seeking deregulation, the president may want to keep them close – but not too close.  Cairncross’ nomination actually fits the new Administration’s image – unconventional and controversial.  The degree with which that is successful rests largely in the president’s expectations of what the role – and how Cairncross executes it – supports his cybersecurity vision.

The president has already signed Executive Orders digital financial technology and AI leadership indicating he has a plan in place that he’s intent on executing in which the United States outpaces its competitors.  Trump’s recent reshaping of his National Security Council (NSC) that essentially merges the Homeland Security Council with the NSC on some agreed to topics may be telling, if one of those issues is cyber.  His dismantling of the Cyber Safety Review Board may be more about reducing the cyber bloat in the government, preferring to do more with less, as much as it is eliminating initiatives started by his predecessor.

Critics will argue that more needs to be done with respect to cyber in the United States, and they have a point – within reason.  But there are a lot of balls in the air, arguably creating perhaps creating more confusion than clarity.  The extent of how a cyber policy official fits into that scheme is quite unclear and may suggest that the president is content with keeping the cybersecurity status quo for his final term in office.  If this is true, then Cairncross would need only steward the position rather than trying to radically rechange it or go full-in on administering the old Administration’s cybersecurity strategy.  This may seem disappointing, but for a president that is guaranteed only four years in the White House, this may be more about managing a hot button issue he knows in which he can’t make enough headway in the time he has left in office.