The overarching question imparting urgency to this exploration is: Can U.S.-Russian contention in cyberspace cause the two nuclear superpowers to stumble into war? In considering this question we were constantly reminded of recent comments by a prominent U.S. arms control expert: At least as dangerous as the risk of an actual cyberattack, he observed, is cyber operations’ “blurring of the line between peace and war.” Or, as Nye wrote, “in the cyber realm, the difference between a weapon and a non-weapon may come down to a single line of code, or simply the intent of a computer program’s user.”
The 2021 National Defense Authorization Act was full of cybersecurity legislation, much of which was recommended by the Cyberspace Solarium Commission. One of the provisions was the creation of a new, Senate-confirmed National Cyber Director (NCD) role. As of 15 January, President-Elect Biden has yet to announce who will occupy the inaugural role, but the cybersecurity community is eagerly anticipating the nomination, especially in the wake of the SolarWinds breach.
The NCD will have policy and budgetary authority to oversee development and implementation of the national cyber strategy and to coordinate national cyber incident response efforts. But what will this look like in practice? What will success look like for the first Director? What does the landscape look like for the NCD, and who must they work with to get the job done? These are some questions on our minds as the new Administration works to hit the ground running.
The Cyber Project welcomes Dr. Sasha O'Connell, Tatyana Bolton, and Kiran Raj in conversation with Lauren Zabierek to analyze the National Cyber Director role. Tatyana was a senior policy director for the U.S. Cyberspace Solarium Commission. Sasha and Kiran recently published their report, The United States Needs a Cyber Director: A Roadmap for Making It Happen in 2021.
You can read their report here: https://www.american.edu/spa/upload/ncd-guide-final-oct-2020.pdf
You can access the Cyber Solarium Commission report here: https://www.solarium.gov/report
Tatyana Bolton is the Policy Director for R Street’s Cybersecurity & Emerging Threats team. She crafts and oversees the public policy strategy for the department with a focus on secure and competitive markets, data security and data privacy, and diversity in cybersecurity. Other areas of research for the team include cyber metrics, Bureau of Cyber Statistics, content moderation, 5G, building capacity, state and local cybersecurity, and supporting innovation.
Most recently, Tatyana worked as the senior policy director for the U.S. Cyberspace Solarium Commission focusing on U.S. government reorganization and resilience portfolios. From 2017-2020, Tatyana also served at the Cybersecurity and Infrastructure Security Agency as the cyber policy lead in the Office of Strategy, Policy and Plans where she developed strategies for strengthening the cybersecurity of our nation’s critical infrastructure. Tatyana’s work included efforts on the Cyber Deterrence Strategy of the United States, the Department of Homeland Security Cybersecurity Strategy and the National Cyber Strategy.
Tatyana has published pieces in Lawfare and Defense News on cybersecurity clinics and women in cybersecurity. She also received an award for exceptionally meritorious service from the Cyberspace Solarium Commission.
She received a Master of Arts in security studies with a focus on Asian affairs from Georgetown University’s Walsh School of Foreign Service’s Security Studies Program and earned a Bachelor of Arts with honors in political science and theatre from the Ohio State University.
Dr. Sasha O'Connell
Sasha Cohen O’Connell, PhD is an Executive in Residence in the Department of Justice, Law & Criminology, School of Public Affairs (SPA), American University where she currently teaches cyber policy at the graduate and undergraduate levels. Additionally, she serves as the Director of the Terrorism and Homeland Security Policy Master’s program at SPA as well as a Senior Advisor to the National Security Sector of Guidehouse LLC. O'Connell's career in public service includes time in academia and the executive branch. She has spent the majority of her career at the FBI where she served most recently as the organization's Chief Policy Advisory, Science and Technology and as the Section Chief of Office of National Policy for the FBI's Deputy Director where she led policy engagement with the National Security Council on a wide breadth of issues.
Among other roles, O'Connell ran the FBI's Strategy Management Office where she led implementation of the Balanced Scorecard for the FBI's Director and served as Chief of the Executive Staff for the FBI’s Criminal Investigative Division where she led strategic planning, performance evaluation, training, and communications for the Bureau’s criminal programs. During her time at the FBI O'Connell focused her energy on enhancing strategic, risk-based decision making; driving cross-programmatic strategic initiatives; building partnerships across government and private sector; and driving strategic communications and outreach to enhance the public's understanding of the role of federal law enforcement.
As a founding board member of #NatSecGirlSquad, Ms. O'Connell mentors women entering the national security and law enforcement space and advises organizations on matters related to enhancing diversity in the national security space. O’Connell holds a Bachelor of Arts from Barnard College as well as an MPA and Doctorate in Public Administration from American University.
Kiran Raj currently serves as Executive Vice President for the Diem Association, where he leads overall ecosystem development, growth strategy, business design and execution for the project. Prior to joining Diem, Mr. Raj worked as a senior executive in a financial technology company that operates in the blockchain space. Before entering the blockchain industry, Mr. Raj worked in private legal practice as a partner at O’Melveny & Myers in Washington DC. In this role, he focused on helping companies with cybersecurity, national security, and privacy issues.
Before private practice, Mr. Raj served as Deputy General Counsel at the Department of Homeland Security, working directly with leaders of corporate America on the intersection of cybersecurity and privacy with law, policy, and technology. He held a similar role at the U.S. Department of Justice as Senior Counsel to the Deputy Attorney General. Prior to entering the legal profession, Mr. Raj was a lead program manager at Microsoft Corporation where he had responsibility for developing and deploying software tools and technologies that improved the security, compatibility, and overall application experience of the Windows operating system. He also worked at a Venture Capital Firm in New York where he focused on identifying undervalued technology companies and helping them achieve their potential.
Mr. Raj holds degrees from the University of California at Berkeley (B.S., Electrical Engineering and Computer Science) and the Emory University School of Law (J.D., First Honors Graduate). He is director emeritus of cybersecurity programs at the Scalia Law School at George Mason and an adjunct faculty at American University.