Bolton pushing to eliminate White House cyber job – By Eric Geller (politico.com) / May 9 2018
The move could send the message ‘that the U.S. is taking the gas pedal off of cybersecurity,’ one former NSC official says.
President Donald Trump’s national security team is weighing the elimination of the top White House cybersecurity job, multiple sources told POLITICO — a move that would come as the nation faces growing digital threats from adversaries such as Russia and Iran.
John Bolton, Trump’s hawkish new national security adviser, is leading the push to abolish the role of special assistant to the president and cybersecurity coordinator, currently held by the departing Rob Joyce, according to one current and two former U.S. officials with direct knowledge of the discussions.
The sources spoke on condition of anonymity because of the sensitive nature of deliberations about internal White House operations.
Cybersecurity experts and former National Security Council officials expressed alarm at the idea of eliminating the job, saying it would undo much of the progress the U.S. has made on cyber efforts and send the wrong message about U.S. priorities in the digital domain. The coordinator — a post created at the beginning of the Obama administration — leads a team of NSC staffers who manage federal cyber strategy on everything from election security to encryption policies to digital warfare.
Bolton’s deputy, Mira Ricardel, supports the idea of eliminating the coordinator role, according to two of the sources. “She’s thinking about whether to simply pick up the [cyber] function on her own,” said one of the former U.S. officials, who added that the odds were “60-40” that the White House would eliminate the job.
While Bolton has advocated a more aggressive cyber strategy against U.S. adversaries than past administrations — for example, talking about a “retaliatory cyber campaign against Russia” — he has also told staff that he intends to reorganize the entire NSC. Those “changes could include combining higher-level director positions,” according to a memo Fox News cited last month.
Losing the cyber coordinator post “would be a tremendous disappointment,” said Kiersten Todt, who managed former President Barack Obama’s cybersecurity commission and is now resident scholar at the University of Pittsburgh Institute for Cyber Law, Policy, and Security. Obama’s commission had recommended in its final report that the White House elevate the cyber coordinator to the rank of assistant to the president, on par with the national security adviser and homeland security adviser.
Megan Stifel, a former NSC director for international cyber policy, said eliminating the post might send a message to other nations “that the U.S. is taking the gas pedal off of cybersecurity as a key national security issue.”
“With no one at the helm at the White House to manage this process, I worry about which countries will step in,” she said.
The White House deliberations on the fate of the coordinator role come as the Trump administration faces numerous challenges in the cyber arena, from Russian intrusions into election systems and power grid equipment, to cyber thefts by China and North Korea, to Iranian hackers who may be newly emboldened by Trump’s abrogation of the international nuclear deal. Experts say the absence of this critical position could leave the government without a cohesive strategy for confronting these issues.
“Given the complexities of the issues that we face in cyberspace … you’re going to have to have somebody that’s focused on dealing with those issues at the White House level,” said Michael Daniel, the Obama administration’s cyber coordinator from 2012 to 2017.
The internal debate over the cyber adviser job is the latest example of government dysfunction in the digital security realm. On Tuesday, the Senate Intelligence Committee released a summary of its recommendations related to election security, highlighting several areas where agencies like DHS fell short during the hack-plagued 2016 election.
Joyce, who took the cyber coordinator job shortly after Trump’s arrival at the White House, is a widely respected career cyber professional who spent nearly 30 years at the National Security Agency. He plans to return to the intelligence agency Friday.
At the White House, Joyce oversaw the Trump administration’s response to several major cyber incidents over the past year, including the WannaCry and NotPetya malware outbreaks that raced around the world and crippled computers at government agencies and major businesses. He also led the overhaul and publication of the government’s once-secret plan for deciding when to tell tech companies about digital flaws that agencies discover.
The two former officials said that Joyce is leaving in part because of frustration with how Bolton’s team approaches cyber policy. When Bolton arrived, he forced out homeland security adviser Tom Bossert, a cyber expert who supervised Joyce’s team in addition to managing the government’s response to natural disasters and terrorist attacks.
In a brief statement, the White House did not deny that the coordinator role might be eliminated. “Cyber is a key priority for the Trump Administration,” NSC spokesman Robert Palladino told POLITICO. The NSC, he said, was “committed to assembling an effective team to advance the President’s agenda of protecting Americans and American interests.”
Some former officials expressed concern that without a cyber coordinator, day-to-day leadership of the team would fall to Josh Steinman, the senior director for the NSC cyber team’s foreign policy portfolio. Steinman, a protégé of ousted former national security adviser Michael Flynn, has set his sights on replacing Joyce and has spent months criticizing him, sources previously told POLITICO, but had scant cyber policy expertise before joining the White House after Trump’s inauguration. As senior director, he has clashed with career staffers, according to the current and two former officials.
Steinman did not respond to an email seeking comment. Palladino, the NSC spokesman, defended Steinman, calling him “a trusted advisor” and an “effective member” of the NSC. “Josh has effectively advocated to modernize and streamline efforts to advance our values in cyberspace and protect the United States,” he said.
The current official and several former officials described the situation as fluid and said the White House was still considering replacing Joyce. Christopher Krebs, a top DHS cyber official, “was actively soliciting names” for a new cyber coordinator at the RSA Conference, a cybersecurity industry gathering in San Francisco last month, according to a former White House cyber official. This person added that Krebs may have been doing so on his own initiative and not at Bolton’s request.
But a second former U.S. official contested this, saying the decision to eliminate the job appeared all but final. “They’re not even interested in replacements,” this former official said. “Because people on the team have asked. And they said, ‘Nope, hold your suggestions. We don’t know what we’re going to do with the position.’ So of course everyone was a little on pins and needles when they heard that.”
This former official said Bolton did not consider cybersecurity a priority. “He’s not interested in it. He doesn’t see the point in it,” the source said. “There’s a serious concern on the [NSC] right now, particularly the [cyber team], of what the fate of their directorate is moving forward.”
Morale on the cyber team “is definitely low,” the former official added.
Stifel, the former NSC international policy staffer, said federal agencies aren’t capable of coordinating their cyber strategies without centralized guidance.
“Left to their own devices, the agencies will likely put themselves, their interests, and their authorities above others,” predicted Stifel, now the cyber policy director at Public Knowledge. The result, she said, could be “more assertive action” by U.S. Cyber Command, the military unit in charge of cyber warfare, or “a return to the days when 3-4 department components raced to be first in when a U.S. private sector entity was breached.”
One former official conceded that Ricardel — Bolton’s deputy — appears qualified to oversee the cyber portfolio. She spent five years in senior Pentagon roles during the George W. Bush administration and was the top adviser to the secretary of Defense for a region that included Russia. Later, as acting assistant secretary for international security policy, she was responsible for missile defense, space policy and the Pentagon’s relationships with NATO and European allies. But the person worried that with everything on her plate, she would not have enough “bandwidth” to handle the extra cyber role.
Rob Knake, a former NSC director for cyber policy, said the White House cyber job is important to private companies as well. It’s “a much more public-facing role [than other NSC team leaders] in a sector of national security that requires close coordination with the private sector, even far more so than incident response on the physical side,” he said.
Obama promised during the 2008 campaign to make cybersecurity a “top priority,” including by appointing “a national cyber adviser who will report directly to me,” but it took him until December 2009 to name veteran cyber executive Howard Schmidt to be his cyber coordinator. Schmidt, who passed away in March, had led Microsoft’s cyber program and served as the first president of the IT sector’s cyber threat information sharing organization.
Schmidt left the White House in May 2012, and Obama replaced him with Michael Daniel, then head of the OMB’s intelligence branch. Daniel’s tenure saw major cyberattacks such as the hacking of the Office of Personnel Management by Chinese intelligence operatives, North Korea’s breach of Sony Pictures Entertainment, Iran’s crippling attack on a Saudi oil giant and the Russian government’s interference with the 2016 presidential election.
Cyber experts and former officials said that both Schmidt and Daniel served ably in a tremendously challenging job. Knake, now a senior fellow at the Council on Foreign Relations, said that compared with other NSC team leaders, the cyber coordinator position “has been a little bit inflated historically, because there have been some pretty big names in that role.”
https://www.politico.com/story/2018/05/09/bolton-white-house-cyber-czar-523430?cid=apn