Keeping the world’s focus on cyber

Christopher Painter, a former coordinator for cyber issues at the State Department under both the Obama and Trump administrations, says greater international engagement is required to face down malicious nations and cybercriminals alike.

“It’s becoming more of an issue on the world stage,” Painter told The Hill during a recent interview. “We saw on the one hand I think we have to band together, on the other hand we have to not just be worried about the technical challenges; there are policy challenges, too.”

Painter helped create the Office of the Coordinator for Cyber Issues, which was merged with another in the State Department in 2017 under the Trump administration. He stepped down from the position that year, and under former Secretary of State Mike Pompeo, the Bureau of Cyberspace Security and Emerging Technologies was announced last year.

Concerns around cybersecurity on the world stage have increased substantially over the past year, which featured some of the largest cybersecurity incidents the U.S. has seen. These included the SolarWinds hack, which allowed Russian state-backed hackers to compromise numerous U.S. federal agencies, including the State Department, for most of 2020, along with the exploitation of vulnerabilities in Microsoft’s Exchange Server by Chinese hackers early this year.

But Painter has hope that cybersecurity at the State Department will be strengthened under President Biden.

“It’s welcome that the Biden administration has said right from the beginning that they’re more committed to doing work with other countries, across the board but also in this area, and cybersecurity is going to be a priority at every level of the administration,” he said. “I’m confident they’re going to do something to elevate this and give it better resources.”

Painter’s interest in cybersecurity-related issues started at a young age. Born to a public accountant and an Italian artist in New York’s Greenwich Village, he pursued his interests in technology and computer science during his undergraduate courses at Cornell University and during law school at Stanford University.

After taking positions including a clerkship for a judge on the U.S. Court of Appeals for the 9th Circuit, Painter began taking a deep dive into cybersecurity-related cases during his time as an assistant U.S. attorney in Los Angeles.

He eventually moved to the nation’s capital to work at the Justice Department — or the “mothership,” as he calls it — helping to lead the agency’s Computer Crime and Intellectual Property Section for seven years and later serving briefly as deputy assistant director of the FBI’s Cyber Division.

After leaving the Department of Justice, Painter helped spearhead cyber policy at the White House under former President Obama, serving as the senior director for cyber policy and the acting cybersecurity coordinator in the National Security Council.

Painter noted that while the George W. Bush administration had made good progress on cybersecurity, Obama was forced to confront the issue more directly following an effort by hackers to steal information from both his and former Sen. John McCain’s (R-Ariz.) 2008 presidential campaigns.

“I think Obama got it and others got it, partly because his campaign was hacked into,” Painter said. “I do think there was an urgency there … where I started really seeing that changing in terms of cybersecurity was during the Obama administration.”

His time at the State Department allowed him to assist in putting the U.S. front and center in cyberspace on the world stage, with Painter helping to create the Office of the Coordinator for Cyber Issues.

“When I started the office at the State Department, part of the reason for that was to take it out of this purely technical issue and really make it a core foreign policy issue,” he said. “We were the first office in the world, there are now 40 of them around the world, lots of other countries, including countries we don’t agree with. It created this whole new level of foreign policy focus that hadn’t been there.”

The Trump administration was criticized by cybersecurity experts for both merging the State Department cyber office and eliminating the White House cybersecurity coordinator position, a role that has now been elevated and revived in the form of National Cyber Director Chris Inglis.

“It wasn’t that the Trump administration did nothing, because they did do some good things … but the policy was sort of disjointed, certainly it wasn’t ever a priority for the president, he always conflated it with Russia issues, I think,” Painter said.

Painter expressed support for the Cyber Diplomacy Act, a bipartisan bill working its way through Congress that would create a cyber office with a leader who reports directly to the Secretary of State. The bill was passed by the House earlier this year and awaits consideration in the Senate.

“It needs to be a strong, unified voice, and hopefully they’ll get back there soon,” he said of State Department cybersecurity efforts.

While Painter has not served in government since 2017, he remains in the cybersecurity space, serving as president of the foundation board of the Global Forum on Cyber Expertise. He also serves on the board of directors for the Center for Internet Security and co-hosts the “Inside Cyber Diplomacy” podcast for the Center for Strategic and International Studies.

Painter’s interest in cybersecurity bleeds into his hobbies outside of work, which include watching hacker-related and sci-fi movies, along with enjoying travel and good wine, which he credits to his time spent in California.

Painter said he “never thought” his career would take the path it has but that it’s been “fascinating.”

“I talk to people, they say, ‘How can I get into this? How can I do what you do?’ and I tell them, there’s no real path, you just have to be passionate about the subject and just open to opportunities, and I count myself lucky,” Painter said.

He also expressed optimism for the future of cybersecurity at the federal level following unprecedented public interest in the topic over the past year amid incidents including a ransomware attack on Colonial Pipeline.

“I’m guardedly optimistic because it’s now getting so much attention, but that doesn’t mean we’re even close to combating the threat. We need to do a lot more,” Painter said.

-Updated at 10:15 a.m.