Spaulding worked on the Cyberspace Solarium Commission, a bipartisan congressional project established in 2019 to chart the future of American strategy in cyberspace. The commission made enhancing and empowering CISA one of its top priorities.
Chaired by the independent senator Angus King and the Republican congressman Mike Gallagher, Solarium aims to make the CISA the lead cybersecurity agency for the federal government and private companies in the US. King is reportedly a leading candidate for Biden’s director of national intelligence.
The Solarium recommendations include bolstering CISA’s resources, facilities, and authorities. The commission wants CISA to lead the government response to major cyber incidents in both the public and private sectors and to have the authority to hunt cyber threats across the entire government outside of the military—which, they note, boasts a much larger cybersecurity budget at about $9.6 billion and growing, compared with approximately $2 billion for CISA.
“Significant breaches that we’ve seen in the past in government could have been mitigated and more rapidly dealt with” with a fully-realized CISA, says Mark Montgomery, Solarium’s executive director. “And we haven’t had, for example, a significant attack on the electric grid or water system yet—the kind of attack that would make us wish for a stronger CISA. We’re hoping we can get CISA ready before those happen.”
As Biden’s presidency approaches, members of both parties are hoping for a bigger budget for the agency and a strong signal from the new White House that CISA is the primary way the US government protects critical infrastructure that’s mostly run by private companies, whether in the domain of elections, finance, or energy. CISA’s mandate includes managing cybersecurity issues but also defending against other kinds of threats, like terrorism, weather disasters, and sabotage. To support that expansive mission, Spaulding says, the agency needs significantly more funding.
The Biden-Harris transition team did not respond to questions about CISA’s future.
The irony of Trump’s sudden interest in CISA is that his White House has done little or nothing to help the agency and its partners at the National Security Agency and the Federal Bureau of Investigation in their work of securing elections. To an unprecedented extent, the White House abdicated its responsibility for coordinating the work of different agencies on this major national security issue.
“What’s interesting is that somehow these departments and agencies have found a way to coordinate among themselves without the traditional coordination function at the White House,” says Tom Bossert, Trump’s former homeland security advisor, whose office would normally have taken the lead on that task. “Krebs, [cyber command and NSA director] Paul Nakasone, [FBI director] Chris Wray, and the director of national intelligence have found a way to integrate their operations without somebody sitting in the head chair at the table. There’s no precedent for this in the modern presidency.”
While the agency’s long-term trajectory is increasingly clear, the short-term future of CISA remains an open question. Krebs was fired in large part for creating a Rumor Control web page that combated disinformation in real time. So far, the page has stayed up and unchanged. Brandon Wales is well respected but could theoretically be moved out of the agency, so his fate continues to be tied to the president’s whims.
“He’s a brilliant analyst,” says Spaulding, who was Wales’s boss during the Obama administration. Wales “should help keep things on track at CISA as long as he’s allowed to stay in that position,” she says. “The challenge, of course, is that they are likely to continue to find themselves saying things that the White House doesn’t like.”