The Senate Homeland Security Committee appears poised to advance Sean Cairncross to a full Senate vote for approval as National Cyber Director in President Donald Trump’s second term, as well as Sean Plankey, nominated to lead the Cybersecurity and Infrastructure Security Agency.
Cairncross — a former Republican National Committee official and CEO of the Millennium Challenge Corporation agency under Trump 1.0 — would be tasked with overseeing an office first stood up under Biden that has served as a key public-facing White House cyber policy interlocutor between federal agencies and Capitol Hill.
His nomination was announced in February. On Thursday, he appeared before the Senate homeland panel and received numerous questions about how he would coordinate responses to various cyberattacks, cybersecurity information-sharing and his relative lack of direct cybersecurity policy experience.
Plankey was also scheduled to appear before the committee Thursday, but he was pulled due to delays in finishing his FBI clearance process, CyberScoop reported Wednesday night. Despite this, a vote to confirm both Plankey and Cairncross was soon scheduled after the hearing wrapped.
Plankey’s nomination still faces a hurdle from Sen. Ron Wyden, D-Ore., who stated his intent to block Plankey’s nomination and said he plans to lift the hold once CISA releases a 2022 report on telecom industry security vulnerabilities.
This week, a group of former cybersecurity and national security officials sent a letter to the Senate Homeland Security Committee expressing support for Cairncross’s nomination.
“His impressive combination of experience in both the public and private sectors, as well as his ability to navigate government, build coalitions, and implement strategic approaches to the challenges facing the United States make Sean situated particularly well to this role,” the letter said.
Cairncross does not have direct cybersecurity policy experience, but said his past roles involved engagements with different parts of the U.S. cyber community.
“Sure, senator, it’s true. I don’t have a technical background in cyber,” he told committee Ranking Member Sen. Gary Peters, D-Mich., adding, “but in my roles running private organizations and national party committees, I’ve been on the user side of this. We’ve had to deal with foreign nation attacks on our systems. We’ve worked with the FBI and the intelligence community to learn about them, to stop them and to monitor those attacks.”
He did not elaborate. Last year, while Cairncross served in a chief position at the RNC, it was targeted by hackers possibly linked to China, The Wall Street Journal reported in February.
“On the management side, I have run thousands of people and billions of dollars in funds, and in doing those jobs, I surround myself with smart people to make sure that the right people are in the right place to do the jobs and take their advice,” he added.
He also committed to working with both Peters and Chairman Rand Paul, R-Ky., to renew a core cybersecurity information-sharing law that expires in September unless reauthorized by the Senate.
The expiring statute, as it stands, lets companies share cyber threat data with the government without facing various legal risks. Paul, whose historic opposition to CISA stems in part from clashes with the cyber agency over what he views as government overreach into online speech, said he wants to add language that explicitly bars the use of federal resources to curtail First Amendment rights — a proposal Cairncross said he had no issue with.
Cairncross appeared to also justify vast cuts to the U.S. government’s cyber workforce by saying that a vast majority of cyberdefenses fall on the private sector, though multiple Democrats on the committee were skeptical.
“Just be honest about it. You can’t say you care about an increasing and more sophisticated set of attacks while cutting the very people who help defend against those attacks,” said Sen. Elissa Slotkin of Michigan. “You’re going to be the guy. If we have our cyber 9/11, you’re going to be the guy who’s sitting there saying, ‘Holy crap, we just cut all this money.’”
Voting positions for the Homeland panel’s leaders are not entirely clear. Paul declined to comment to reporters, as well as Peters, who said, “you will see [my voting position] when the vote comes up.” The panel is a 9-8 Republican majority, giving the nominees the likely runway to at least move out of committee.
“The critical infrastructure community is looking for capable leaders that can refocus efforts on reducing risk. We care less about the politics, and more about competence,” Brian Harrell, former Assistant Secretary for Infrastructure Protection in Trump’s first term, told Nextgov/FCW.
“Industry fully recognizes that China is a formidable adversary, and every minute of every day should be dedicated to keeping nation-state adversaries out of our key networks and systems,” he added. “Today’s hearing was a breath of fresh air where we finally focused on threats, vulnerabilities, and potential solutions rather than social issues.”
