Recent reporting indicates that there is growing support among cyber policy professionals to elevate the role and authority of the Office of the National Cyber Director (ONCD), a position whose roles and responsibilities have come in conflict in the past with the equally prominent Deputy National Security Advisor (DNSA) in charge of cyber and emerging technology at the National Security Council (NSC).  To be fair, Biden created the NSC position prior to the establishment of the Senate-confirmed ONCD, but it does raise the question if two senior positions need to exist and if not, if a consolidation can be done to eliminate unnecessary redundancies.  Granted, on the surface the two positions are not exactly alike.  Per its website, the ONCD advances “national security, economic prosperity, and technological innovation through cybersecurity policy leadership,” and has developed into a key stakeholder in the government’s cyber policymaking across both public and private sectors.  It has become a key facilitator of executing the White House’s national level cyber strategy across the government.  Conversely, the DNSA often serves as Executive Secretary to the National Security Council Principals Committee, and as chairman to the National Security Council Deputies Committee, among other responsibilities.

Still, there are overlapping similarities, begging the question if both senior positions are needed, especially when in the world of Washington influence, voices compete to get the attention of Executive Office.  This was apparently the case when the first ONCD Chris Inglis and his DNSA counterpart Anne Neuberger allegedly clashed over “information sharing between the two offices and how to lead the country’s cyber strategy,” prompting Inglis to resign only two years into his tenure.  This rift underscored an issue that still languishes in the halls of government – who is in charge of the cyber mission, and do they have the necessary authorities to match their responsibilities?  What the Inglis-Neuberger rift revealed is that two senior positions working at odds with one another is not a successful formula, exposing the problems of committing to a particular direction.  With a new Administration on the cusp of entering the White House, there is an opportunity to rectify these mistakes and missteps, which may be as easy as eliminating the DNSA, and grouping all roles and responsibilities under the ONCD, a natural fit given that Senate confirmation imparts a Cabinet-style importance to the role.

A recently published report by a think tank leans toward enhancing the ONCD’s responsibilities as well.  The think tank recommended strengthening the role of the ONCD, and perhaps more importantly, increasing the efficacy of this position by bolstering its engagement with the NSC.  This is important because it would elevate the position beyond a managerial resource created to improve public/private coordination, conduct budget review, review workforce development, and interact with stakeholders.  While this has a lot of merit, I would suggest that a more meaningful change would be to merge the roles, responsibilities, and authorities of the two positions, rather than trying to keep both positions.  In this capacity, the ONCD would serve not only as the undisputed lead U.S. cyber official but would also be the President’s primary cyber advisor with respect to the NSC, performing the same functions with the benefit of being the facilitator for cyber issues across the government.  

This accomplishes bolstering the bona fides of a position that will ostensibly become the face of cyber for the U.S. government, as well as make that individual the single conduit for the President to both receive and transmit cyber-related information.  No longer would there be confusion as to if the ONCD or the DNSA had the President’s ears on such matters.  Such a move would also allow the ONCD to build a staff of subject matter experts from other agencies, who in addition to providing guidance will also be able to represent their agencies’ cyber interests at the highest levels of the government.  This restructuring also has the added benefit of aligning with the incoming Administration’s Department of Government Efficiency’s efforts to reduce government spending and increase efficiency and eliminate an unnecessary position.  

As the cyber portfolio has expanded quickly and grown more complex, it has created a crowded environment across the government.  Ballooning cyber budgets over the past several years have encouraged agencies to carve out a piece of the larger cyber mission, particularly at the national level.  Indeed, this has further muddied the waters rather than clearing them up.  Several former officials acknowledged that having multiple senior cyber leaders led to confusion within agencies, having referenced the director of the Cybersecurity and Infrastructure Security Agency and the director of the National Security Agency as two examples.  Thus, any chance to clarify and socialize the ONCD’s roles and responsibilities, minimize effort duplication across the cyber space, and promote accountability from a national level is essential moving forward to bolster the country’s cybersecurity.

This will be critical when the next cyber crisis like SALT TYPHOON occurs because the government needs to respond immediately and not be potentially tripped up in a quagmire of who’s in charge of what.  Recently, a former high ranking U.S. cyber official advocated the ONCD should be the lead when it came to such incidents and not the NSC, and I couldn’t agree more, as it currently has the better resources and authorities to respond to such matters.  By combining roles, the ONCD would have the benefit of both advising the NSC while managing cyber incident response actions.  The ONCD has already demonstrated its value in collaborating with CISA on two cybersecurity projects – the National Cyber Incident Response Plan and the Guide to Strengthen Cybersecurity of Grant-Funded Infrastructure Projects.  Therefore, it makes sense that being a part of the formulation of such plans further bolsters the ONCD’s capabilities to address cyber crises in the future.

Whether the Trump Administration will keep the status quo or take the opportunity to change things up remains uncertain.  But the last eight years has proven that the next President cannot take a reactive role when it comes to cyber matters.  Whether its nation state activity, tech wars, prolific cybercrime, artificial intelligence, quantum computing, domestic cybersecurity, or regulations, being a world leader is going to require the United States to take the initiative.  The right person with the right authorities at the top of the cyber pyramid will go a long way in separating the United States from other countries.  Otherwise, competing voices will continue to hamper U.S. cyber efforts, and while many can certainly contribute to the discussion, only one individual needs to advise the President.