In his first public remarks since his Senate confirmation, National Cyber Director Sean Cairncross pledged to spearhead a “whole-of-nation approach” to defend U.S. cyberspace, explaining that a strong cybersecurity workforce is central to that effort.
Cairncross, who the Senate confirmed in August, laid out that vision during a keynote address at the Billington CyberSecurity Summit in Washington, D.C.
“The Trump administration will drive a new, coordinated strategy. This will advance U.S. interests and thwart our adversaries in cyberspace,” Cairncross said. “We must work together, using all of our nation’s cyber capabilities to shape adversary behavior and, most importantly, shift the burden of risk in cyberspace from Americans to them.”
The national cyber director explained that America’s “most aggressive and capable adversary is China.” He pointed to Volt Typhoon and Salt Typhoon – hacking groups backed by the Chinese government – as examples of China’s “audacity.”
Cairncross vowed that the United States would impose costs on such behavior, which he called “unacceptable,” while working with allies.
“I’m committed to marshaling a unified whole-of-nation approach on this, working in lockstep with our allies who share our commitment to democratic values, privacy, and liberty,” he said. “Engagement and increased involvement with the private sector is necessary for our success.”
Immediate Steps
Cairncross pointed to three “immediate” priorities of his as national cyber director. The first, he said, is working to pass the reauthorization of the soon-to-expire Cybersecurity Information Sharing Act of 2015 (CISA 2015).
The 2015 law put in place a legal framework for the government and the private sector to share cybersecurity threat data. The law has been hailed since then as foundational to improving U.S. cybersecurity.
“This law galvanized our collaboration a decade ago, and the White House understands the advantages and liability protections this legislation provides,” Cairncross said, adding, “I’m actively working on Capitol Hill to ensure that they remain intact, and you should be doing the same.”
The second priority, he said, is for the federal government to “get its own house in order.”
“Our federal systems need rapid modernization, and we’re working on policies to harden our networks, update our technologies, and ensure that we’re prepared for a post-quantum future,” Cairncross said.
He explained that the Office of the National Cyber Director is working with the Office of Management and Budget and other agencies on this effort
The third priority, he said, is that “industry must uphold standards like security and privacy by design, and government must streamline cyber regulations and the compliance burden to ensure that the private sector can focus resources on meaningful actions and assets, rather than on a compliance checklist.”
“This requires regulators to come to the table and for the private sector to step up,” Cairncross stressed. “Our cyber adversaries are not slowing down, and we must set the policy and commit the resources necessary to optimize our defense and resilience to stay ahead.”
Finally, Cairncross said, “We also need the workforce to do it.” He said the cybersecurity workforce is “an asset worthy of great investment.”
The national cyber director noted that strengthening the cyber workforce will continue to be a priority in President Donald Trump’s second term, but he also called it “a critical team effort.”
“Industry, academia, governments, and military must eliminate roadblocks and align incentives to build a patriotic workforce. We need a pipeline that develops and shares talent,” he said.
“It should be pragmatic and accessible, reconciling and taking advantage of existing avenues within academia, vocational schools, corporations, and venture capital opportunities – to not only educate and train our existing cyber workforce, but to also recruit new talent, preparing the next generation to design and deploy exquisite emerging technologies in cyber,” he said.
In closing his remarks, Cairncross painted the cyber fight as a test of America’s strength and determination.
“We recognize the enormous effort in squaring up to this challenge, but just because it’s difficult doesn’t mean it cannot or will not get done. This is, after all, America,” he concluded.