Andrew Grotto

Research Fellow
Biography: 

Andrew J. Grotto is a Research Fellow at the Hoover Institution and the William J. Perry International Security Fellow at the Center for International Security and Cooperation, both at Stanford University.

Grotto’s research interests center on the national security and international economic dimensions of America’s global leadership in information technology innovation, and its growing reliance on this innovation for its economic and social life. He is particularly interested in the allocation of responsibility between the government and the privater sector for defending against cyber threats, especially as it pertains to critical infrastructure; cyber-enabled information operations as both a threat to, and a tool of statecraft for, liberal democracies; opportunities and constraints facing offensive cyber operations as a tool of statecraft, especially those relating to norms of sovereignty in a digitally connected world; and governance of global trade in information technologies.

Before coming to Stanford, Grotto was the Senior Director for Cybersecurity Policy at the White House in both the Obama and Trump Administrations. His portfolio spanned a range of cyber policy issues, including defense of the financial services, energy, communications, transportation, health care, electoral infrastructure, and other vital critical infrastructure sectors; cybersecurity risk management policies for federal networks; consumer cybersecurity; and cyber incident response policy and incident management. He also coordinated development and execution of technology policy topics with a nexus to cyber policy, such as encryption, surveillance, privacy, and the national security dimensions of artificial intelligence and machine learning. 

At the White House, he played a key role in shaping President Obama’s Cybersecurity National Action Plan and driving its implementation. He was also the principal architect of President Trump’s cybersecurity executive order, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.”

Grotto joined the White House after serving as Senior Advisor for Technology Policy to Commerce Secretary Penny Pritzker, advising Pritzker on all aspects of technology policy, including Internet of Things, net neutrality, privacy, national security reviews of foreign investment in the U.S. technology sector, and international developments affecting the competitiveness of the U.S. technology sector.

Grotto worked on Capitol Hill prior to the Executive Branch, as a member of the professional staff of the Senate Select Committee on Intelligence. He served as then-Chairman Dianne Feinstein’s lead staff overseeing cyber-related activities of the intelligence community and all aspects of NSA’s mission. He led the negotiation and drafting of the information sharing title of the Cybersecurity Act of 2012, which later served as the foundation for the Cybersecurity Information Sharing Act that President Obama signed in 2015. He also served as committee designee first for Senator Sheldon Whitehouse and later for Senator Kent Conrad, advising the senators on oversight of the intelligence community, including of covert action programs, and was a contributing author of the “Committee Study of the Central Intelligence Agency’s Detention and Interrogation Program.”

Before his time on Capitol Hill, Grotto was a Senior National Security Analyst at the Center for American Progress, where his research and writing focused on U.S. policy towards nuclear weapons - how to prevent their spread, and their role in U.S. national security strategy.

Grotto received his JD from the University of California at Berkeley, his MPA from Harvard University, and his BA from the University of Kentucky.

Filter By:

Topic

Type

Recent Commentary

Analysis and Commentary

U.S. Policy Toolkit For Kaspersky Labs

by Andrew Grottovia Lawfare
Thursday, March 15, 2018

In February, the White House attributed “the most destructive and costly cyberattack in history,” a summer 2017 attack affecting critical infrastructure and other victims around the world, to Russian intelligence services. The malicious code used in the attack, known as NotPetya, permanently encrypts the data on the computers that it has infected, essentially destroying them.

Hearing on Cybersecurity and California Elections

by Andrew Grottovia Joint Informational Hearing of the California Legislature
Wednesday, March 7, 2018

Hoover Institution fellow Andrew Grotto's testimony before a Joint Informational Hearing of the California Legislature on “Cybersecurity and California Elections.”