Sean Cairncross, the White House’s nominee to serve as national cyber director, told lawmakers during his confirmation hearing on Thursday that interagency and public-private partnerships will be a top priority for him if his nomination wins full Senate approval.
Cairncross, who President Donald Trump nominated in February, would be tasked with overseeing the Office of the National Cyber Director (ONCD). The office, first stood up under the Biden administration in 2021, is responsible for advising the president on cybersecurity policy and strategy.
“A goal of mine is to make sure that this office sits at the place that this committee, and I believe Congress intended in the statute, and that is to lead cyber policy coordination across the Federal government,” Cairncross told members of the Senate Homeland Security and Governmental Affairs Committee during today’s hearing.
“In doing that, working with our interagency partners is vital,” he said. “We’ve been empowered to work with [the Office of Management and Budget] to ensure that budget alignment among the interagency aligns with administration policy, and I think that those tools have to be leveraged, and the relationships between us and the interagency – it’s making sure that it is monitored and enforced.”
Cairncross currently is the chief counsel at the Republican National Committee. The nominee lacks some of the experience that the first two national cyber directors brought to the job – both came to the role after serving at the National Security Agency (NSA).
Ranking Member Gary Peters, D-Mich., asked Cairncross about his lack of cybersecurity experience, to which he admitted, “It’s true, I don’t have a technical background in cyber.”
“But in my roles running private organizations and national party committees, I’ve been on the user side of this. I’ve had to deal with foreign-nation attacks on our systems. We’ve worked with the FBI and the intelligence community to learn about them, to stop them, and to monitor those attacks,” he said. “On the management side, I have run thousands of people and billions of dollars in funds, and in doing those jobs, I surround myself with smart people … and take their advice.”
Nevertheless, the nominee pledged to work with Sen. Peters to extend the Cybersecurity Information Sharing Act of 2015, which is set to expire on Sept. 30. That law provides companies with protections to share cybersecurity threat information with the Department of Homeland Security and with each other through formal and informal channels.
Cairncross also pledged to work with Sen. Maggie Hassan, D-N.H., to reauthorize another law set to expire on Sept. 30, the State and Local Cybersecurity Grant Program (SLCGP).
Congress established the SLCGP as a part of the Infrastructure Investment and Jobs Act of 2021. The grant program – which operates under a partnership between the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency – has provided $1 billion in funding over four years.
“It is extremely important, the relationship between the state and Federal government on this attack,” Cairncross said, telling Sen. Hassan, “Yes, I look forward to working with you on that issue.”
Cairncross also discussed the recent Salt Typhoon and Volt Typhoon cyber campaigns, both of which are China-based.
“China is, without question, the single biggest threat in this domain that we face,” Cairncross said. “They are targeting the most vulnerable among us … Volt Typhoon was critical infrastructure. They are squatting on our system. It is imposing, as I’ve said, a strategic dilemma on us, and that behavior needs to change.”
“In order to do that, I believe we should begin to impose strategic dilemmas on our adversaries in this domain,” he said. “These attacks are increasing, they’re becoming more sophisticated, and they’re scaling up. And so, I believe that this office was intended by the statute, to help coordinate and focus that policy.”
The nominee emphasized that as these attacks are becoming more sophisticated, “what really is key – since so much of cyber defense falls on the private sector in our country – is a great relationship between the United States government and the private sector.”
Today’s nomination hearing was supposed to also feature Sean Plankey, the nominee to serve as the next CISA director, who did not appear before the committee.
Despite his absence, the committee scheduled a June 12 vote to confirm both Plankey and Cairncross soon after the hearing adjourned.
Sen. Ron Wyden, D-Ore., said in April he planned to place a hold on Plankey’s nomination. The senator said he would “object to considering” the nomination until CISA publicly releases an unclassified report titled “U.S. Telecommunications Insecurity 2022.”