Cyber Director nominee talks AI, collaboration at confirmation hearing
Harry Coker, the Biden administration's choice to lead the Office of the National Cyber Director, said he'll draw on his experience as a program manager to make sure agencies hit their milestones on implementing the government's cyber strategy.
A lot of tech policy wonks in Washington, D.C., still haven't read the entire executive order on artificial intelligence released earlier this week by the White House. Harry Coker, the administration's pick to serve as national cyber director, was brave enough to admit the fact under oath at his Senate confirmation hearing on Thursday. But the nominee said he was excited about the prospects of the emerging tech to help manage workloads for cybersecurity pros.
"There is an awful lot of data that is not just available but that is essential to cybersecurity. So much so that big data analytics need artificial intelligence capability to process through those mounds of data and turn it into actionable intelligence in a timely manner. That's a direct area in which artificial intelligence can and must support cybersecurity," Coker told lawmakers on the Senate Homeland Security and Government Affairs Committee. "But like with many technologies and emerging capabilities, there are other sides that we need to be concerned about with artificial intelligence and AI. Although I haven't made it through the recent executive order just yet — it's over 100 pages — from what I've seen at the top level, there's recognition of those potential concerns. And that needs to be a focus area along with the potential benefits of artificial intelligence."
Coker, a Naval Academy graduate and a career public servant, was nominated by President Joe Biden to take over the vacant position in July. He served 20 years in the Navy before taking on senior roles at the CIA and the National Security Agency, including the post of executive director at NSA. He's currently senior fellow at Auburn University's McCrary Institute for Cyber and Critical Infrastructure Security and advises private companies on tech and cybersecurity.
He struck some familiar notes at his confirmation hearing in response to questioning from lawmakers: the importance of public-private partnerships and the need for cooperation among federal agencies and across state, local and tribal governments. But he also stressed his work deep in the weeds of naval and intelligence community operations.
In response to a question about delivering on the National Cybersecurity Strategy, Coker focused as much on the implementation plan as on the overall goals. He noted that there are 69 initiatives across 18 departments and agencies that need to be coordinated to operationalize the strategy.
"As a former program manager in the government, I know it's key to have cost, schedule and performance…metrics. They have to be there. If you can't measure it, you can't manage it. So ONCD, to their credit…has done a masterful job and pulling their strategy and implementation plan together."
Coker also spoke to concerns that many in the private sector have expressed about partnership with the government on cybersecurity issues. He likened private sector cybersecurity operators to a "combatant command" that is "on the front line fighting the threats every day," with ONCD as a "supporting command."
"National security, especially cybersecurity, requires partnerships across the public sector and the private sector," Coker said. "Although I've been in situations where that partnership wasn't a true partnership, where it was more one way: 'Give me what you got. Tell me what you know, and I'll see you later.'"
He sees the role of the National Cyber Director as "ensuring that the private sector knows there is a true partnership, and that their knowledge, their capabilities and their risks are appreciated and supported."
Coker also lauded the "Secure By Design" guidance updated by the Cybersecurity and Infrastructure Security Agency in October. The CISA guidance looks to the private sector to build security into software and services and to shift responsibility for cybersecurity away from end users and onto manufacturers.
"We need to ensure that it's not just a focus on first-to-market. It needs to be secure-to-market. And the government can incentivize secure-by-design, secure-to-market, and so that's the way that needs to be demonstrated as we shift that balance to realign the incentives towards that."