Full Report
Coker spoke to Recorded Future News about his time as National Cyber Director, what he considers his biggest successes and what he would tell his replacement – who is currently going through the confirmation process.
Analysis Summary
# Main Topic
Review and reflections on the tenure of Harry Coker, Jr. as the National Cyber Director (NCD), focusing on key successes, strategy implementation, and advice for his successor concerning national cybersecurity policy and collaboration.
## Key Points
- **Apolitical Stance:** Coker emphasized maintaining an apolitical approach to the NCD role, stressing that national cybersecurity is too important to be divided by political ideologies.
- **Interagency Collaboration:** A major win cited was implementing a more collaborative and transparent approach within executive branch agencies, focusing on building mutual trust to leverage core competencies.
- **Workforce Development:** Progress was made with the Office of Personnel Management (OPM) to address and reduce unnecessary requirements for four-year degrees in cyber roles, acknowledging the high skill level of individuals (e.g., at NSA, USCYBERCOM, DISA) without such traditional qualifications.
- **Strategy Implementation:** The National Cybersecurity Strategy predates Coker's direct leadership but was actively implemented. A key success was creating an implementation plan with milestones, deliverables, and assigned lead entities to ensure the strategy was actively followed rather than shelved.
- **Internet Foundational Security:** Efforts were made to address decades-old vulnerabilities in the internet's foundation, particularly citing the need to resolve issues with Border Gateway Protocol (BGP) hijacking.
- **Regulatory Harmonization Challenge:** A significant ongoing challenge is achieving cybersecurity regulatory harmonization across sectors, which is meant to lower business costs and increase national security. It requires bringing independent regulators on board while respecting their independence.
- **Measurement Difficulty:** A recognized struggle was quantifying the effectiveness of the NCD office, as it is primarily a strategy and policy shop without direct links to operational outcomes.
## Threat Actors
- Not applicable. This context focuses on policy, strategy, and internal government operations rather than specific external threat actor campaigns. State adversaries were mentioned generally in the context of BGP hijacking.
## TTPs
- **BGP Hijacking:** Adversaries have historically hijacked U.S. internet traffic using weaknesses in the Border Gateway Protocol.
- **(Implied) Policy Avoidance:** The difficulty in ensuring implementation and adherence to strategies (strategies sitting "on the shelf") suggests an internal challenge rather than an external TTP.
## Affected Systems
- **Internet Infrastructure:** Focus on foundational internet protocols (specifically BGP).
- **Federal Workforce/Hiring:** Issues related to credentialing requirements by OPM affecting the pipeline for skilled cybersecurity professionals.
- **Executive Branch Agencies:** The broad network of departments and agencies involved in implementing the National Cybersecurity Strategy.
## Mitigations
- **Prioritization and Role Clarification:** Advising the successor to prioritize cybersecurity and clearly define the roles and responsibilities of the NCD office.
- **Continued Interagency Work:** Persistent focus on working across the interagency structure.
- **Regulatory Harmonization:** Advocating for collaboration with independent regulators to establish necessary national cybersecurity regulations tailored by sector.
- **Skill Over Degree:** Continuing efforts to remove unnecessary degree verification requirements to expand the skilled cyber workforce.
## Conclusion
Harry Coker’s tenure prioritized non-partisan policy execution, collaborative governance across the executive branch, and laying the strategic groundwork for national cybersecurity improvement, most notably through the implementation plan accompanying the National Cybersecurity Strategy. The most critical ongoing challenges remain internet infrastructure hardening (BGP) and achieving regulatory alignment among independent bodies. His advice to his successor is to maintain focus on collaboration and clear mandate definition.