Senate confirms Trump’s national cyber director nominee

The U.S. Senate late Saturday confirmed Sean Cairncross, a veteran Republican political operative with close ties to the Trump administration, to become the country’s third national cyber director, setting up a test of how tightly the president’s advisers will try to control cybersecurity policy from the White House.

Cairncross, a former chief operating officer and legal adviser at the Republican National Committee, served as the CEO of the Millennium Challenge Corporation during Trump’s first term. He does not have significant technology or cybersecurity expertise, although he told senators during his confirmation hearing that he had helped public and private organizations respond to cyberattacks. As head of the relatively new Office of the National Cyber Director (ONCD), he will have a significant opportunity to put his stamp on how the Trump administration approaches a wide range of cyber challenges.

Senators voted 59-35 to confirm him.

“As the cyber strategic environment continues to evolve, we must ensure our policy efforts and capabilities deliver results for our national security and the American people,” Cairncross said in a statement shared by his new office. “The United States must dominate the cyber domain through strong collaboration across departments and agencies, as well as private industry. Under President Trump’s leadership, we will enter a new era of effective cybersecurity policy.”

Congress created ONCD in 2021 to serve as the president’s chief adviser on cyber defense issues. During the Biden administration, the office led projects on growing the cyber workforce, improving open-source software security, protecting vulnerable critical infrastructure communities like K-12 schools, securing new energy technology, and streamlining cyber regulations. It also promoted closer government ties with security researchers, encouraged infrastructure projects to prioritize cybersecurity and championed work to secure space systems, internet routing technology and post-quantum cryptography.

Cairncross will have to decide which, if any, of those projects to continue and which new ones to launch. He has said little about where he will focus his office’s attention, although he is likely to prioritize regulatory harmonization, given Republicans’ complaints — echoed by the business community — that there are too many overlapping cyber rules. At his confirmation hearing, Cairncross promised to meet regularly with industry executives to understand how the government could help them.

ONCD’s workforce grew steadily during the Biden administration as its leaders tried to make it an authoritative voice on cyber matters within the government. But tensions between the office and the National Security Council (NSC) limited ONCD’s influence and even led to the resignation of the first national cyber director. Under Cairncross, the office could staff up again and push for greater authority.

Hacking back

Cairncross’s most emphatic comments on cybersecurity have involved offensive cyber operations, a topic that is outside of ONCD’s portfolio. At his confirmation hearing, he repeatedly argued that the U.S. could stem a growing tide of cyberattacks by hacking its adversaries to put them on notice. His focus on offensive activities represents a sharp departure from the vision of his Biden-era predecessors. But Cairncross’s views are likely to win him allies on Trump’s NSC cyber team, which is stocked with proponents of hacking back. Those relationships could help Cairncross avoid bureaucratic tensions and raise ONCD’s profile within the administration and in the public eye.

Warm reception

Leading national security experts have praised Cairncross for his management experience, relationship-building acumen and ability to “respond to rapidly evolving political dynamics shaping policy conversations at the highest levels of government.”

“Sean’s leadership, experience, and commitment to public service will be vital to [ONCD’s] growth into the center of gravity for cyber strategy, planning, coordination, and response,” Frank Cilluffo, director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security, said in a statement after Cairncross’s confirmation.