National Cyber Director Harry Coker, Jr. speaks on the role of the Office of the National Cyber Director, its past successes and lessons learned for the future at the Foundation for Defense of Democracies on Jan. 7. Courtesy: Jeff Song/FDD
US has ‘a lot of work to do’ on network defenses, departing cyber czar says
Outgoing National Cyber Director Harry Coker thinks his office needs more influence over the federal cyber budget—but not necessarily more authority on offensive cyber operations.
As White House cyber-policy lead, Harry Coker has helped oversee efforts to develop the federal workforce, harmonize regulations, and promote memory-safe programming. On Tuesday, the outgoing National Cyber Director offered a suggestion for the incoming administration: We need to up our game.
“There’s so many challenges that the nation has to take on. Open up the papers nowaday, you read about pre-positioning on our critical infrastructure [and] our telecommunications systems being compromised,” Coker told reporters on the sidelines of a talk at the Foundation for Defense of Democracies, a national security think tank in Washington, D.C.. “We have a lot of work to do. I can’t sugarcoat that.”
Coker delivered a speech that outlined the work his office has done in the U.S. cyber policy world over the past few years and said during a fireside chat that he wishes in the future for ONCD to have more say in the federal government’s cybersecurity spending.
“It’s good to give budget guidance. We need to give budget direction when it comes to cybersecurity,” he said. “I would love for the incoming administration, or any administration, to recognize the priority of cybersecurity. It’s a responsibility that every department and agency needs to stand up to. We need to give more than guidance when it comes to cybersecurity budgets.”
That budget approach is part of a broader wishlist to have future leaders focus on the cyberdefenses of the nation. The federal government is a constant target of cybercrime groups and nation-state hacking syndicates. Outside the government, private sector organizations are frequently subjected to ransomware attacks or surreptitious hijackings of infrastructure they own or operate.
Perhaps ONCD’s flagship product was the March 2023 national cybersecurity strategy that reflected conclusion that regulation, not voluntary efforts, were needed to make the U.S. more secure from hackers. Many of its components remain unimplemented.
It’s not entirely clear how a Trump-era ONCD would oversee future cyber proceedings. As Coker departs, the office is still working through sweeping regulatory harmonization efforts to help streamline reporting rules for organizations when they’re hit in a cyberattack. The office is also trying to transition federal cyber jobs toward a skills-based hiring structure by this summer.
The office also queued up a forthcoming software liability regime that aims to legally hold software makers accountable for lax security practices.
Asked about how the incoming administration’s slimmer regulatory style could intersect with that software regime, he said balance will be key and that “I expect it’s going to be a set of options on various extremes.”
Coker noted some parts of industry have expressed interest in software liability, namely when it comes to third-party supply chain compromises, where one organization is breached because of another organization’s software tethered onto their systems.
In his speech, Coker said the ONCD team “will serve the American people in the Trump administration and beyond with dedication and excellence.”
Incoming Trump officials and lawmakers have recently signaled a desire to hack back against cyber adversaries, namely in response to recently discovered Chinese intrusions into telecom infrastructure.
But Coker said he’s of the view that ONCD doesn’t need to have an added say in offensive cyber activity right now.
“I think, offensively, we’re covered. It’s a good setup for offense,” Coker told reporters when asked about the office’s role in attack-oriented cyber operations. He referred to NSA, Cyber Command and other federal entities that oftentimes have the digital threat hunting capabilities available to them.
“Our hands are full on cybersecurity on defense. I’d like to get that squared away first before we look at taking on any additional responsibilities,” he said. On stage, he said the U.S. has to do a “better job deterring the [People’s Republic of China]” through “deterrence by denial” where cyber defenses are shored up in a way that Chinese state-aligned hackers wouldn’t be able to intrude into American systems.
As for his future, Coker said he doesn’t know and is currently not looking around for new work. But he appears to be keeping the door open.
“I’m always interested in public service,” he said.