Executive Summary

In 2021, the Office of the National Cyber Director (ONCD) was established and statutorily charged with advising the President of the United States on matters related to cybersecurity. In the three years since, ONCD has matured into one of the several key components of the U.S. government’s policymaking apparatus for cybersecurity - across both the government and the private sector. However, several changes are needed to ensure the efficacy of the office, especially as it relates to these other relevant agencies within the U.S. government. 

The incoming administration has the ability to clarify and enhance ONCD’s mission and resources. This paper provides five key policy and structural recommendations to support this effort, with the goal of minimizing duplication of efforts, enabling accountability, and more broadly, increasing the security and resiliency of the U.S. cyber posture. These recommendations include:

  1. Update and clarify the ONCD mission statement, including a clear articulation of the policy making responsibility of the National Cyber Director (NCD) versus other key senior cyber leadership.
  2. Codify the NCD’s role as the U.S. Government’s lead external-facing cyber official.
  3. Improve collaboration between ONCD and the National Security Council (NSC) through dual-hatting a senior director. NSC/Cyber should also play more of a NSC/Intecon-like role for coordination between both entities.
  4. Staff ONCD with additional agency detailees and subject matter experts from within the government.
  5. Reinforce and codify the position of the Federal Chief Information Security Officer (CISO) within White House Office of Management and Budget (OMB), to be dual-hatted as a direct report to the NCD.

Ari Schwartz, Inés Jordan-Zoob, and Samara Friedman

Read Next

Cybersecurity Coalition Comments on CRA Implementing Regulation on Technical Descriptions of Products with Digital Elements

The Cybersecurity Coalition submitted comments to the European Commission’s open consultation on its draft Implementing Regulation on critical products with digital elements.

Cybersecurity Coalition Comments on UK Ransomware Proposals

The Cybersecurity Coalition submitted comments to the Home Office’s open consultation on Ransomware legislative proposals: reducing payments to cyber criminals and increasing incident reporting.

EU Releases Digital Europe Work Programmes for 2025-2027

The European Commission and the European Cybersecurity Competence Centre both released Work Programmes, which describe funding for the EU’s Digital Europe Programme.