Skip to Main Content

Senate Confirms Jen Easterly as Second Director of CISA

Easterly brings a plethora of offensive cyber and information warfare experience, suggesting a more aggressive cyber focus for the agency.

7m read
Written by:
Jen Easterly, then with Morgan Stanley, speaks at a July 2018 event hosted by Fortune.
Jen Easterly, then with Morgan Stanley, speaks at a July 2018 event hosted by Fortune. Photo Credit: Stuart Isett / CC BY-NC-ND 2.0

The U.S. Senate unanimously confirmed Jen Easterly as the second director of the Cybersecurity and Infrastructure Security Agency (CISA) late Monday evening as ransomware attacks pound federal agencies and critical infrastructure companies across the U.S.

Easterly, who comes from Morgan Stanley where she is the head of Firm Resilience and the Fusion Resilience Center, brings a wealth of cyber experience to the role. During her 20-year stint in the U.S. Army, she stood up its first cyber unit. She served a year at the National Security Agency in 2006 on its elite hacking unit, Tailored Access Operations.

She was one of four NSA officials who stood up U.S. Cyber Command in 2009, which works with NSA to defend U.S. cyberspace and engage in offensive cyber activity. She then served as the deputy director for counterterrorism at NSA before moving into a White House role during the Obama administration, where she served as special assistant to the president and senior director for counterterrorism until the end of 2016.

Given Easterly’s experience in offensive cyber roles, her confirmation as head of CISA could signal a new direction for an infant agency that made a name for itself as the nation’s cyber defender under the leadership of former Director Chris Krebs.

Ransomware and cyberattacks are “at a place where nation states and non-nation state actors are leveraging cyberspace largely with impunity,” Easterly said at her confirmation hearing last week.

During the hearing, Easterly said she thinks federal agencies should have mandatory reporting requirements regarding cyber incidents.

“It seems to me that voluntary standards are probably not getting the job done,” she said. “I do think it’s important that if there’s a significant cyber incident, that critical infrastructure companies have to notify the federal government, in particular CISA.”

“Jen is a brilliant cybersecurity expert and a proven leader with a career spanning military service, civil service, and the private sector,” said Department of Homeland Security Secretary Alejandro Mayorkas in a statement. “I am proud to welcome her to the DHS team and look forward to working together to protect our country from urgent cybersecurity and physical threats.”

Woman typing at computer

Stay in the know

Subscribe now to receive our curated newsletters

Related Content
Woman typing at computer

Stay in the Know

Subscribe now to receive our newsletters.