The Former NSA Official Vying to Steer Biden’s Cyber Policy

(Bloomberg Businessweek) -- Anne Neuberger, the Biden administration’s Deputy National Security Advisor for Cyber and Emerging Technology, organized a virtual summit on ransomware for Oct. 13, 2021. She invited representatives from about 30 countries and the European Union, but no one from several of the key U.S. agencies handling cybersecurity, including the Department of State, the Cybersecurity and Infrastructure Security Agency, and the newly created Office of the National Cyber Director.

Officials at all three agencies eventually received invitations to attend, but only as observers, and people at State and CISA came away feeling rankled, according to five people familiar with the summit who requested anonymity to discuss the politically sensitive event. The flap reflected mounting tension within the Biden administration as different factions vie for control over a critical policy area—and reinforced the impression that Neuberger, a former star at the National Security Agency (NSA), has developed into a sharp-elbowed power player within the White House. “Anne basically ran the summit like it was a covert operation,” says a former senior U.S. cybersecurity official familiar with the planning, who asked not to be named because sensitive details are involved.

The stakes of bureaucratic tussling are high. Over the last year gangs of criminal hackers, some with ties to the Russian government, have carried out a series of disruptive attacks on U.S. businesses and critical infrastructure, and Russian President Vladimir Putin has shown little inclination to cooperate in attempts to rein them in. Rising tension with China raises the prospect of cyberconflict with an even more formidable adversary.

For more than a decade, U.S. cybersecurity policy has been hampered by confusion and internecine power struggles. Over the last two years of the Trump presidency, there was no one who had clear authority to take charge. The Biden administration seems to have the opposite problem. The president brought Neuberger into the White House last January, but she was on the job only a few months before the Senate confirmed Chris Inglis, a former mentor of hers, as the country’s first national cyber director.

Inglis, who reports directly to the president, immediately became a rival power center. “It created an awkward situation from having nobody in charge of cyber to having two people in charge of cyber,” says John Nagengast, a 38-year veteran of the NSA, who then spent 15 years working on security issues at AT&T.

The Biden administration can make the case that things are getting better. It successfully recovered most of the ransom paid to the perpetrators of a hack that took down Colonial Pipeline, the U.S.’s largest fuel pipeline, and the biggest attacks have tapered off from the first half of 2021. “We have accomplished more to modernize national cybersecurity in the public and private sector in that last 12 months than in the past decade,” says National Security Advisor Jake Sullivan, who credits Neuberger for much of the improvement.

According to interviews with more than 40 people who know Neuberger personally or professionally, she is known as a brilliant tactician who can command a room and bend government bureaucracy to her will. But her relentless style has also made her a polarizing figure throughout her 14-year career in government. Neuberger had a particular tendency to butt heads with lawyers, say people who worked with her, an attribute that some of her NSA colleagues admired. “If she thought, ‘This is what we need to do,’ she would push and try to get it done,” Nagengast says. “And people that objected to that, sometimes she would run them over, basically.”

Neuberger, 45, was born into an Orthodox Jewish family in Brooklyn, N.Y. Seven of her eight great-grandparents were killed at Auschwitz; her parents, George and Renee Karfunkel, were on a plane that Palestinian terrorists hijacked in 1976 and were held hostage at Entebbe airport in Uganda for a week before Israeli commandos rescued them. Throughout her career, Neuberger has continued to keep kosher and get home in time for the sabbath, although national security crises now occasionally intervene.

George Karfunkel started American Stock & Transfer Trust Co. in 1971 with his brother, Michael. The company made both men billionaires, and Neuberger started her career there as a computer programmer in 1993. Her parents didn’t want her to attend college, but she persuaded them to let her go to an all-girl’s night school while she continued working at her father’s company; she eventually received a double master’s degree from Columbia.

Neuberger has attributed her interest in a career in national security to her family’s personal history with terrorism and her experience living in New York on Sept. 11. She got a job as a White House fellow in 2007 and quickly stood out even among the other overachievers in the program. Three years later, Neuberger became special assistant to Keith Alexander, then-director of the NSA, and the two became close. In what would become a common thread in her career, Neuberger’s quick rise to favored status caused some resentment in an agency whose top ranks have always been dominated by men. “She was initially viewed as an outsider, and she had the eye of the director,” says one former NSA employee. “So immediately antibodies in the NSA culture start to come out.”

Neuberger soon began running one of Alexander’s favorite projects, a program to foster cooperation with private industry to help protect domestic infrastructure. In May 2013 she took over as the director of the NSA’s Commercial Solutions Center, which worked with private companies to collect intelligence and develop cybersecurity tools. These partnerships became the center of the biggest scandal in NSA history one month later when Edward Snowden, an NSA contractor, leaked documents implicating a handful of major technology and telecom companies in a massive domestic surveillance operation.

The Snowden leak left the NSA to deal with angry and embarrassed corporations it depended on for intelligence operations, and Neuberger was central to the agency’s efforts to clean things up. Serving as its chief risk officer, she embarked on a cross-country apology tour, meeting with people from private industry, academia, and the media. “She was one of the first people that was trusted to speak on behalf of the agency,” says Sabra Horne, who worked closely with Neuberger at the time.

One of Neuberger’s last big projects at the NSA was to establish its Cybersecurity Collaboration Center in 2020, in which employees from private companies work shoulder to shoulder with NSA employees on private cyberthreats. The center’s existence, and the NSA’s public promotion of it, would have been unthinkable in the immediate aftermath of the Snowden scandal. Current NSA Director Paul Nakasone credits Neuberger with reshaping the agency’s relationship with the private sector, making the project possible. “She’s a change agent,” he says. “She’s someone that can take an idea, operationalize that idea, and challenge some of the assumptions on which it’s made.”

The highly politicized environment of the White House could be a stumbling block for Neuberger, says Michael Rogers, who was NSA director from 2014 to 2018. “I would argue now she’s in a totally different world over there,” he says. “So it’ll be interesting to see how that plays out for her in a totally new environment. Because I doubt she’ll be in that job for four years.”

Soon after being appointed, Neuberger wrote a sweeping executive order requiring federal contractors to meet certain cybersecurity standards. She also served as the public face of the administration, briefing reporters at the White House when the attack on Colonial Pipeline led to panic buying of gasoline across the East Coast.

But Neuberger had to begin sharing the spotlight when the Senate confirmed Inglis as national cyber director in June. Despite their past relationship, many people within the cybersecurity apparatus became concerned that having two new powerful cybersecurity roles would lead to turf battles. Inglis and Neuberger sat together for an hourlong interview on Oct. 28 at the Center for Strategic and International Studies in Washington. The purpose of the event, according to two people familiar with its planning, was to show that they’d get along. But the strain has been evident to people close to them. After the issue with the invitations to the ransomware summit, Inglis was caught off guard again in December when he learned of Neuberger’s plans to summon technology companies to the White House to discuss open source software.

The tension is also affecting other senior government officials who want to get everyone pulling in the same direction. In February, Senator Mark Warner (D-Va.), chairman of the Senate Select Committee on Intelligence, was initially effusive about the Biden administration’s choice of Neuberger. He says he talked to Neuberger soon after the SolarWinds cyberattack but has not had much contact with her since. Warner wants to understand how the pieces of the administration’s cybersecurity policy interact, he says, but he’s been frustrated in his attempts to figure it out: “There’s still some confusion in my mind.”
 
Read next: A Growing Army of Hackers Helps Keep Kim Jong Un in Power

©2022 Bloomberg L.P.