Trump’s national cyber director nominee dodges criticism of funding cuts

This audio is auto-generated. Please let us know if you have feedback.

President Donald Trump’s nominee for national cyber director spent his Senate confirmation hearing on Thursday calling for bold action to repel hackers but ducking questions about the impact of the administration’s proposed cybersecurity funding cuts.

Sean Cairncross, a former Republican National Committee official, White House adviser and Millennium Challenge Corporation CEO, told members of the Senate Homeland Security Committee that “these attacks are increasing, they’re becoming more sophisticated, and they’re scaling up.” But he repeatedly declined to address Trump’s push to cut nearly $500 million from the Cybersecurity and Infrastructure Security Agency’s budget nor the fact that the agency has already lost roughly one-third of its workforce to layoffs and buyouts.

When Sen. Andy Kim (D-N.J.) asked Cairncross why Trump was trying to cut funding amid rising threats, Cairncross responded that America’s adversaries “do not see a cost” to launching cyberattacks and that it was time for the U.S. to impose those costs. When Kim followed up by saying that the government needed to invest in employees who could develop and implement those costs, Cairncross dodged again, saying that if he confirmed he would ensure that his team found “the most efficient, effective way” to help “defend the United States from these attacks.”

Trump in February nominated Cairncross to lead the Office of the National Cyber Director, a unit within the White House that Congress created to serve as the President’s chief adviser on cyber issues, much like the Office of the U.S. Trade Representative.

“If you are confirmed, you will oversee the single biggest cut in cybersecurity dollars [ever],” Sen. Elissa Slotkin (D-Mich.) told Cairncross, referring to Trump’s CISA budget. She bemoaned the cuts to programs that help state and local governments and said infrastructure operators in Michigan have complained about a reduction in federal support.

Power companies, she told Cairncross, “have come to me and said, ‘We used to get quarterly updates from CISA and get a sense of the threat picture across the country. Now we don’t have that. We feel vulnerable.’”

Sen. Gary Peters (D-Mich.), the committee’s ranking member, pressed Cairncross on his lack of cyber experience and how he planned to make up for that deficit.

“It’s true, I don’t have a technical background in cyber,” Cairncross responded, “but in my roles running private organizations and national party committees, I’ve been on the user side of this. I’ve had to deal with foreign nation-attacks on our systems. We’ve worked with the FBI and the intelligence community to learn about them, to stop them, and to monitor those attacks.”

Republican senators gave Cairncross a friendlier treatment. Sen. Josh Hawley (R-Mo.) asked him how he would use his position to help protect small, rural hospitals, a major target of hackers. “The first thing is getting my feet on the ground,” Cairncross said, “working with all your offices in your states to ensure that I’m hearing and understand what those needs are.”

Because private companies operate so much of the infrastructure that hackers target, “a great relationship between the United States government and the private sector” is essential to cybersecurity, Cairncross said. As such, he promised to meet regularly with industry representatives to understand their needs, whether it be more information sharing or “working on a regulatory scheme that makes sense.”

Offensive cyber

During the Biden administration, ONCD focused on cyber defense issues and left questions of cyber offense, including the government’s deterrence policy, to the National Security Council. But Cairncross responded to many questions about combating cyberattacks by arguing that the U.S. needed to punish adversaries so they started thinking twice about hacking American companies and government agencies.

Calling China “without question the single biggest threat in this domain that we face,” Cairncross said Beijing’s ability to breach U.S. critical infrastructure and hold it at risk “is unacceptable.”

“I look forward to working to do everything I can to make sure that our adversaries, our enemies, and criminals who operate in this space know that it is not a cost-free endeavor,” he told Sen. James Lankford (R-Okla.).

Cairncross made a few promises to senators about cyber legislation. He told Peters that he’d work with Congress to reauthorize the 2015 Cybersecurity Information Sharing Act, which provides protections for companies that exchange threat data with the government. He endorsed Hawley and Peters’ Rural Hospital Cybersecurity Enhancement Act, which would require CISA to help hospitals address a dire cyber talent shortage. And he committed to working with lawmakers on the reauthorization of the soon-to-expire State and Local Cybersecurity Grant Program, which has proved to be a lifeline for cash-strapped localities. He said there was “no more important area” than the federal-state partnership on cybersecurity.

Source link