Just weeks after Brandon Wales unexpectedly became acting director at the Cybersecurity and Infrastructure Security Agency on Nov. 20, 2020, he learned of a highly sophisticated cyber intrusion digging its way into commercial and federal computer networks. It became known as SolarWinds, one of the most significant cyber incidents in U.S. history.
A cascading series of cyber and ransomware attacks on major U.S. companies fell onto Wales’ plate in quick succession once he became leader of the agency charged with protecting the nation’s cyber and physical infrastructure. At the same time, the cyber agency, created in 2018, was working to protect the COVID-19 vaccine supply chain and keep its own employees safe during the pandemic.
“Brandon Wales’ leadership of the agency directly protected countless American businesses, communities and families from highly damaging cyberattacks,” according to Kiersten Todt, CISA’s chief of staff. “This was most clearly reflected in the agency’s efforts to protect the COVID-19 vaccine supply chain and reduce the risk of catastrophic ransomware attacks.”
On that front, Wales led the agency as it provided cybersecurity assistance to more than 60 critical commercial and governmental organizations, from vaccine research facilities to manufacturing hubs and distribution networks. CISA also provided guidance and support to help countless school districts, hospitals and companies protect their computer networks from cyberattacks.
That Wales was called on to step in to lead the agency’s 2,500 employees at all was because the appointed director, Christopher Krebs, had been fired by President Trump after the release of a statement from CISA calling the 2020 election “the most secure in American history.”
The dismissal, a DHS official told an NPR reporter at the time on background, would “rock CISA.”
Far from it, according to Krebs. Instead, Wales started communicating almost immediately with the White House, and agency and external partners.
“I can just flat out say there was no drop-off at all,” Krebs said. “Brandon was absolutely the right person at the right time.” Wales’ regular job as the agency’s executive director made him well-versed in translating policy concepts into plans, and he was intimately involved in all high-priority activities, Krebs added.
Although Wales was “thrown into it unceremoniously,” Krebs said, “he did just a remarkable job leading the agency for eight or so months until [the new director] came in.”
But nothing was certain at the beginning of Wales’ tenure. “It was a moment when the agency could have unraveled,” said Jen Easterly, who was confirmed by the Senate as the agency’s director in July 2021. “Brandon stepped in, solidified the agency’s reputation and led us in huge operations and technical endeavors.”
Thanks to his management at the top, Easterly said, she “came into an agency not in disarray but on the rise.”
While Wales served as the top agency leader, the attacks kept coming—ransomware attacks against Colonial Pipeline, the nation’s largest pipeline system for refined oil products; against JBS, the world’s largest meat supplier; against Kaseya, an IT solutions developer; and others.
“To say he was multitasking would be a huge understatement,” Todt said. “He was managing significant events in the public eye and maintaining a semblance of order in a young agency that was still being built … in a role he didn’t expect to have.”
Wales, described by colleagues as humble, also listened to and valued suggestions. In the midst of the cyberattacks around the country, Eric Goldstein, executive assistant director at CISA, proposed that CISA consolidate in one place the government’s recommendations and guidance for the public on securing networks against ransomware attacks. Wales quickly bought in.
“It’s a good model for how we want the government to work in an integrated way,” Wales said. “It’s what the American people expect from us.”
Prescient in anticipating the wave of ransomware attacks that eventually hit school districts, hospitals and other entities, Wales launched a national Ransomware Awareness Campaign early in 2021 to inform the public about the peril likely headed their way and to promote the new website that people and organizations could turn to for assistance: stopransomware.gov.
Since the site launched, the resources found there have been accessed more than half a million times and helped thousands of organizations prevent and recover from ransomware incidents, according to Todt.
With an eye on Russia as one of the malicious actors always intent on breaching U.S. networks, Wales also positioned the agency to “lead the national response to understand, contain and remediate access by Russian intelligence into some of our most critical agencies,” Goldstein said.
That work became the foundation for the vital assignment Wales is now undertaking. In late February, President Joe Biden designated the Department of Homeland Security as the lead federal department for domestic preparedness and response related to the current Russia-Ukraine crisis. DHS Secretary Alejandro Mayorkas then formed the Unified Coordination Group and called on Wales to lead it.
“The department has 250,000 people,” Easterly said. “Brandon is the one person the secretary hand-picked to be civilian lead.”
Along with his mastery of the subject matter, Wales outlook also serves the agency well, Goldstein said.
“Brandon is somebody who, even on the worst day, brings that steady hand, that focus, that diligence to the mission.”