As the White House’s Office of the National Cyber Director (ONCD) approaches its fourth anniversary on Jan. 1, 2025, a group of cybersecurity experts is offering the incoming Trump administration five key policy recommendations to clarify ONCD’s mission.
In a report out last week, the Cybersecurity Coalition – made up of major industry players including Google, Red Hat, and Zscaler – is calling for actions to enhance the role of the nation’s top cyber czar by minimizing duplication of efforts, enabling accountability, and more broadly, increasing the security and resiliency of the U.S. cyber posture.
ONCD was established in 2021 under the National Defense Authorization Act (NDAA) following a recommendation from the Cyberspace Solarium Commission (CSC) for Congress to create a National Cyber Director (NCD) position.
“Over three years later, ONCD exists as a key component of the U.S. cybersecurity policy apparatus and is larger in size than originally envisioned,” the report says. “However, the exact nature of its role, and how it interacts with other governmental offices, can be ambiguous, and at times, even contested.”
The coalition noted that ONCD “legitimized” itself in 2024, but “there is more work to be done to improve its functionality as many observers, both inside and outside of government see the work of the office as unclear and sometimes duplicative of others in cyber policy.”
CSC originally recommended that ONCD be modeled after the White House’s Office of the United States Trade Representative (USTR).
“USTR maintains a staff of over 250 professionals who work through its own interagency structure to coordinate trade policy, resolve trade disagreements, and frame relevant issues for presidential decision-making,” the report notes. “Over a dozen other U.S. government agencies, commissions, and courts – such as the Department of Commerce, the Department of Justice, and the U.S. Court of International Trade – have authority over some element of international trade. In turn, many of these organizations work closely with USTR.”
It continues, “This is a similar situation to the complex jurisdictions for cyber policy and operations where multiple agencies need to work together to accomplish most objectives.”
Using the USTR model as a reference, there are tangible next steps the incoming administration can take to strengthen ONCD:
- Update and clarify the ONCD mission statement, including a clear articulation of the policy making responsibility of the NCD versus other key senior cyber leadership;
- Codify the NCD’s role as the government’s lead external-facing cyber official;
- Improve collaboration between ONCD and the National Security Council (NSC) through dual-hatting a senior director;
- Staff ONCD with additional agency detailees and subject matter experts from within the government; and
- Reinforce and codify the position of the Federal Chief Information Security Officer (CISO) within White House Office of Management and Budget (OMB), to be dual-hatted as a direct report to the NCD.
The Cybersecurity Coalition recommends that the Trump-Vance administration take these actions through executive orders, presidential policy directives, and legislation in Congress – particularly the NDAA.
“The incoming Trump administration could address some of these issues as it nominates the next NCD and other cyber policy roles,” the report concludes. “Congress will also need to act, working with the administration, to ensure that many of these roles and authorities are properly delineated going forward.”
