Andrew Grotto

Andrew Grotto

Andrew Grotto

  • Research Scholar, Center for International Security and Cooperation
  • Former Director, Program on Geopolitics, Technology, and Governance

CISAC
Stanford University
Encina Hall, C428

Stanford, CA 94305-6165

(650) 723-9866 (voice)

Biography

Andrew J. Grotto is a research scholar at the Center for International Security and Cooperation at Stanford University.

Grotto’s research interests center on the national security and international economic dimensions of America’s global leadership in information technology innovation, and its growing reliance on this innovation for its economic and social life. He is particularly interested in the allocation of responsibility between the government and the private sector for defending against cyber threats, especially as it pertains to critical infrastructure; cyber-enabled information operations as both a threat to, and a tool of statecraft for, liberal democracies; opportunities and constraints facing offensive cyber operations as a tool of statecraft, especially those relating to norms of sovereignty in a digitally connected world; and governance of global trade in information technologies.

Before coming to Stanford, Grotto was the Senior Director for Cybersecurity Policy at the White House in both the Obama and Trump Administrations. His portfolio spanned a range of cyber policy issues, including defense of the financial services, energy, communications, transportation, health care, electoral infrastructure, and other vital critical infrastructure sectors; cybersecurity risk management policies for federal networks; consumer cybersecurity; and cyber incident response policy and incident management. He also coordinated development and execution of technology policy topics with a nexus to cyber policy, such as encryption, surveillance, privacy, and the national security dimensions of artificial intelligence and machine learning. 

At the White House, he played a key role in shaping President Obama’s Cybersecurity National Action Plan and driving its implementation. He was also the principal architect of President Trump’s cybersecurity executive order, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.”

Grotto joined the White House after serving as Senior Advisor for Technology Policy to Commerce Secretary Penny Pritzker, advising Pritzker on all aspects of technology policy, including Internet of Things, net neutrality, privacy, national security reviews of foreign investment in the U.S. technology sector, and international developments affecting the competitiveness of the U.S. technology sector.

Grotto worked on Capitol Hill prior to the Executive Branch, as a member of the professional staff of the Senate Select Committee on Intelligence. He served as then-Chairman Dianne Feinstein’s lead staff overseeing cyber-related activities of the intelligence community and all aspects of NSA’s mission. He led the negotiation and drafting of the information sharing title of the Cybersecurity Act of 2012, which later served as the foundation for the Cybersecurity Information Sharing Act that President Obama signed in 2015. He also served as committee designee first for Senator Sheldon Whitehouse and later for Senator Kent Conrad, advising the senators on oversight of the intelligence community, including of covert action programs, and was a contributing author of the “Committee Study of the Central Intelligence Agency’s Detention and Interrogation Program.”

Before his time on Capitol Hill, Grotto was a Senior National Security Analyst at the Center for American Progress, where his research and writing focused on U.S. policy towards nuclear weapons - how to prevent their spread, and their role in U.S. national security strategy.

Grotto received his JD from the University of California at Berkeley, his MPA from Harvard University, and his BA from the University of Kentucky.

publications

Reports
May 2022

Achieving Allied Resiliency Against Threats to the Semiconductor Supply Chain

Author(s)
cover link Achieving Allied Resiliency Against Threats to the Semiconductor Supply Chain
Journal Articles
March 2022

What to Make of Microsoft’s Year in Cybersecurity

Author(s)
cover link What to Make of Microsoft’s Year in Cybersecurity
Commentary
September 2021

Response to “Request for Information: Artificial Intelligence Risk Management Framework” (86 FR 40810)

Author(s)
cover link Response to “Request for Information: Artificial Intelligence Risk Management Framework” (86 FR 40810)