While the Office of the National Cyber Director (ONCD) is still the new kid on the block in Federal cybersecurity policy circles, National Cyber Director Chris Inglis said this week that his office’s success ultimately will hinge on whether it can unite policy, people, and doctrine to act as a viable collaborator with the Federal government and private industry.
Everything at ONCD is still pretty new: Inglis was confirmed as the first-ever NCD in June 2021, and the office’s funding was only approved in November through the Infrastructure investment and Jobs Act. While Inglis is a very well-known quantity in Federal security circles – having spent decades at the National Security Agency – the NCD made clear this week the value of collaboration with related agencies trumps any aim to take over the hierarchy of Federal cyber defenders. ‘
“We’re part of a larger team,” Inglis said at Cyber Initiatives Group’s 2022 First Quarter Summit event on Feb. 9. “Both the U.S. government and the private sector have extraordinarily deep and sharp talents just about everywhere you look. The Office of the National Cyber Directorate’s role is to not try to compete with that or to achieve any degree of hierarchy over that, but rather to support Federal coherence.”
“We’ll succeed if we unite policy, people, and doctrine,” Inglis said. “The old saw in this space is ‘nothing can be strategic in the absence of strategy.’”
Inglis said the job starts with making sure that President Biden’s Management Agenda is fulfilled across the Federal agencies responsible for cybersecurity, and that partnerships are built with the private sector. He said the job needs to be approached not as a simple division of labor, but as a move towards collective defense.
“We have to use all of our capabilities, all of our parties, all of our sightlines to figure out when one of us catches something – some nuance, some loose thread – compare that immediately with the other insights, hunches, threads, shards of information that someone else may have,” he said. “So that together, we can discover something no one of us can discover alone and, frankly, get to a place where if you’re an adversary in this space, you got to beat all of us to beat one of us.”
In order to get to that point, Inglis emphasized the need to make sure that the current lines of effort work for not just technology, but also across roles and responsibilities, in order to, over time, increase resiliency and decrease the number of cyber events experienced.
“The bias in these near-, mid-, and long-term priorities has to be one that increasingly says that, while response is important, increasingly we need to get to where we have resilience as a proper complement to the response so that we can avoid these events,” Inglis said.
He said the need to move towards collective defense has to include the prioritization of present investments aimed at increasing resiliency down the line. And he said that budget priorities should follow that same line of thought, where investments that create “unity of purpose” and “unity of effort” are prioritized over investing in siloed projects.
“Operational priorities will continue to be driven by risk, particularly threat and consequence, but we need to figure out how do we actually create collaborative relationships that are guided by efforts like tabletop exercises or the exchange of information without precondition so that we can achieve professional intimacy,” Inglis said.