The former top cybersecurity official on Joe Biden’s presidential campaign said late Monday that he is now in charge of helping protect the federal government’s sprawling bureaucracy from hackers.
Chris DeRusha, also a former White House cybersecurity official in the Obama administration, announced his appointment as the federal government’s new chief information security officer on LinkedIn. Maria Roat, the acting Federal CIO, confirmed DeRusha’s appointment early Tuesday.
As Federal CISO, DeRusha will be responsible for coordinating cybersecurity policy across the federal bureaucracy and prodding agencies to fortify their networks in the wake of a suspected Russian hacking campaign that has infiltrated the departments of Justice, Energy and others.
DeRusha is returning to familiar territory, having served as a White House cybersecurity adviser when Biden was vice president. DeRusha is also well-versed in election security issues, having worked as Michigan’s chief security officer before the Biden campaign hired him to prevent a repeat of the 2016 Russian hack-and-leak operation that rattled Hillary Clinton’s campaign.
There weren’t any reports of significant breaches of the Biden or Trump campaigns during the 2020 election. The Biden campaign did have to deal with suspected Chinese hackers who tried, apparently unsuccessfully, to compromise staffers.
DeRusha also served as a senior cybersecurity official at the Department of Homeland Security in the Obama administration, and as a security executive at Ford Motor Co. in 2017 and 2018, according to his LinkedIn profile.
The Obama administration created the Federal CISO post five years ago to give the White House more oversight over federal agencies’ security practices, and to make the execution of U.S. cybersecurity strategy more coherent. The Federal CISO works closely with the security chiefs of other agencies, and with DHS, to assess whether agencies are making progress in securing their networks.
The Federal CISO has different responsibilities from the newly created national cyber director, which has a far broader and more generalized coordination role both inside and outside the government. The White House has yet to nominate a national cyber director. It’s a position that, unlike the Federal CISO, requires Senate confirmation.
Matt Masterson, a former DHS official focused on election security, praised DeRusha’s appointment, calling him “an absolute pro who understands how to navigate the bureaucracy” of government IT.
Greg Touhill, who served as the first Federal CISO in the Obama administration, said: “Chris understands the government cyber landscape at both state and federal levels.”
“He faces significant challenges as he assumes this important post at this pivotal time in history,” Touhill said. “All of us who have served are rooting for his success.”
Biden has made responding to the alleged Russian hacking operation, which used tampered software from federal contractor SolarWinds, a priority in the early days of his administration. DeRusha will join two veterans of the National Security Agency — Anne Neuberger and Michael Sulmeyer — in the Biden White House.
DeRusha was also a member of a “technology strategy and delivery” unit of the Biden transition team, according to LinkedIn. It’s a role that could have given DeRusha insight into the challenges of securing federal networks in the aftermath of the SolarWinds breaches.