Brown CS Alum Nick Leiserson Has Been Named The White House’s Assistant National Cyber Director For Cyber Policy And Programs

    Click the link that follows for more news about recent accomplishments by our alums.

    Late last year, the White House’s Office of the National Cyber Director announced that Brown CS alum Nick Leiserson is the new Assistant National Cyber Director for Cyber Policy and Programs, serving under National Cyber Director Chris Inglis. By statute, their office serves as the primary advisor to the Biden-Harris administration on cybersecurity policy and incident response and works with national departments and agencies to implement national cybersecurity strategy.

    “On a day to day basis,” Nick explains, “it means working with departments and agencies to set policies and find ways to protect critical infrastructure though a mix of voluntary and regulatory approaches. Compared to our national security policy, there are a lot of players: for example, only a tiny fraction of the Food and Drug Administration’s staff are focused on security, but hospitals have been repeatedly targeted by cybercriminals. One of our challenges is making change in the vast number of areas that support key national functions but are owned and operated in the private sector.”  

    Leiserson says that one of the things that excites him most about his new role is simply the fact that the Office of the National Cyber Director exists. Already interested in cybersecurity when he became a staff assistant to Congressman James R. Langevin in 2010, the importance of the field was driven home on his fourth day on the job, when the Executive Cyberspace Coordination Act was released.

    “I learned quickly about why it was one of Congressman Langevin’s top priorities,” Nick says. “There are a lot of projects I’m enthusiastic about, but the most important thing is that there’s a ton of hard work to be done, the White House understands this, and we’re set up to make a difference. Anything we achieve, I see that as Congressman Langevin’s legacy. That’s very meaningful to me.”

    Looking back on his time at Brown, Nick remembers taking a class on privacy in the digital age from Brown’s Program in Public Policy during his junior year: “A good portion of the class was about the cybersecurity policy implications. We have the ability to collect so much more data now, due to automation, but what are the ramifications for society? Even if the collector and collectee fully agree on which entity has what, if there isn’t security, anyone could have access to it. My general impression was that we should be somewhere between modestly and extremely freaked out about this.”

    So, what’s to be done? Leiserson’s message to computer scientists is straightforward: you never know where the code you write will be used, so assume it’s somewhere that it can do a significant amount of harm, and code accordingly. “So often,” he says, “we see programmers saying, ‘There’s a really pernicious vulnerability in this library over here, but nobody’s using those functions right now, and someone else will fix it later…Oops, it shipped!’ What you’re writing code for now, once committed, may well be used for something else. Keep that in the back of your mind when writing it.”  

    As he begins his new role, Nick says he’s hoping that in the years ahead, the average person will need to make fewer decisions about their personal cybersecurity because more responsibility will be placed on creators and vendors of technology.

    “Security needs to be the default choice,” he says. “As just one example, look at how difficult it is to disable automatic update on certain browsers and run an outdated and potentially insecure version of the software. Someone like my mother will never turn it off and never be in that particular situation. The layperson won’t be absolved from having to make good security decisions, but we should teach people to use tools like password managers, which can make their lives easier and more secure at the same time.” 

    But if anything, Nick expects that the days to come will bring the average person an increasing number of reminders that they need to take cybersecurity precautions: “When they hear about Russia’s invasion of Ukraine, more and more people are realizing that the conflict is also a cyber war that’s being waged online. I don’t think we’re anywhere near a point when cybersecurity will start spending less time in the headlines.” 

    For more information, click the link that follows to contact Brown CS Communications Manager Jesse C. Polhemus.