CISA’s top China specialist departs for role at CIA

The Cybersecurity and Infrastructure Security Agency’s point man on China stepped down recently.

Andrew Scott, who was appointed as CISA’s first-ever associate director for China Operations last year, has left the organization to take a role at the Central Intelligence Agency, Recorded Future News has learned. A CISA spokesman confirmed that Scott had stepped down. 

The CIA did not respond to a request for comment.

“During his time at CISA, Andrew was instrumental in working across the agency to develop a comprehensive multi-year plan to address the threat posed by PRC cyber actors to U.S. critical infrastructure,” CISA Director Jen Easterly said in a statement.

“This is a whole of agency effort, and as we turn the page from planning into execution, I couldn’t be more confident in the team at CISA to execute and to drive the urgent progress required to strengthen our nation’s security and resilience,” she added. 

“I am grateful for Andrew’s service to CISA and his continued service to our nation.”

Scott, who previously served at the CIA and most recently had been the special assistant to the president and senior director for cyber policy at the National Security Council, was brought in to oversee CISA’s various China initiatives, including handling the teams responsible for kicking Beijing’s hackers off U.S. networks and helping issue cybersecurity advisories to the public and private sectors.

His departure is the latest in a string of exits from the Homeland Security Department cyber wing. 

Brandon Wales, CISA’s executive director, also left his job earlier this month after 20 years of government service, just weeks after Eric Goldstein stepped down as the organization’s executive assistant for cybersecurity to rejoin the private sector. Both men have subsequently been replaced.

Senior personnel shake-ups aren’t unusual near the end of a presidential administration, but Scott’s move comes as national security officials throughout the federal government sound the alarm over Chinese government-linked hackers, most notably the group dubbed Volt Typhoon, and their deep penetration of American critical infrastructure.

On Tuesday, researchers revealed the group had broken into U.S. internet service providers, ostensibly to spy on users.

Speaking at the Billington State and Local Cybersecurity Summit in Washington, D.C. earlier this year, Scott said CISA was preparing for potential Chinese digital threats should conflict erupt between Washington and Beijing in the future.

“We’ve been running tabletop exercises for ourselves looking at the kind of environment that we might be faced with in a three- to four-year time frame in a worst case scenario,” he said during a panel discussion.

The “worst case outcome that we’re concerned about is not a one-off event. It is not a single hospital. It is multiple sectors simultaneously being disrupted with services being out,” he added.

Scott noted how Chinese hackers had evolved from espionage to prepositioning themselves inside U.S. networks to cause disruption and sow societal panic, especially in the event of a military conflict over Taiwan.

“They are prepositioned, they have the access that they need and if the order was given, they could disrupt some services in this country right now,” he said.