Executive Summary

In 2021, the Office of the National Cyber Director (ONCD) was established and statutorily charged with advising the President of the United States on matters related to cybersecurity. In the three years since, ONCD has matured into one of the several key components of the U.S. government’s policymaking apparatus for cybersecurity - across both the government and the private sector. However, several changes are needed to ensure the efficacy of the office, especially as it relates to these other relevant agencies within the U.S. government. 

The incoming administration has the ability to clarify and enhance ONCD’s mission and resources. This paper provides five key policy and structural recommendations to support this effort, with the goal of minimizing duplication of efforts, enabling accountability, and more broadly, increasing the security and resiliency of the U.S. cyber posture. These recommendations include:

1. Update and clarify the ONCD mission statement, including a clear articulation of the policy making responsibility of the National Cyber Director (NCD) versus other key senior cyber leadership.
2. Codify the NCD’s role as the U.S. Government’s lead external-facing cyber official.
3. Improve collaboration between ONCD and the National Security Council (NSC) through dual-hatting a senior director. NSC/Cyber should also play more of a NSC/Intecon-like role for coordination between both entities.
4. Staff ONCD with additional agency detailees and subject matter experts from within the government.
5. Reinforce and codify the position of the Federal Chief Information Security Officer (CISO) within White House Office of Management and Budget (OMB), to be dual-hatted as a direct report to the NCD.

‍