Euro Security Watch with Mathew J. Schwartz

Governance & Risk Management

White House Might Eliminate Cyber Coordinator Role

With Rob Joyce's Imminent Departure, Power Grab Now Underway, Politico Reports
White House Might Eliminate Cyber Coordinator Role
Rob Joyce, the White House cybersecurity coordinator, speaking at University of Maryland University College on Oct. 10, 2017.

Adequately tracking the arrival and departure - ouster, resignation, fall from grace - of officials in President Donald Trump's White House might be best suited to real-time, multidimensional flowcharts.

See Also: Live Webinar | Navigating Identity Threats: Detection & Response Strategies for Modern Security Challenges

But one thing is clear: The White House is facing a looming cybersecurity knowledge and expertise deficit. And that deficit may soon get worse.

In recent weeks, two of the administration's top cybersecurity leaders have either departed or announced their imminent departure, including Rob Joyce, the White House cybersecurity coordinator.

There is also a move afoot in Trump's administration, led by his new, hawkish National Security Adviser, John Bolton, to eliminate the cybersecurity coordinator role altogether, Politico first reported on Wednesday.

Many former insiders, however, have warned that doing so sends a dangerous message at a time when nation-states - especially Russia, China, North Korea and Iran - are increasingly launching online reconnaissance and attack campaigns, with some designed explicitly to destabilize American society (see Russia Will Meddle in US Midterm Elections, Spy Chief Warns).

"This would be a huge step backwards," said Chris Painter, a former coordinator for cyber issues at the U.S. State Department, via Twitter.

Role: Cybersecurity Coordinator

The cybersecurity coordinator role was created by President Barack Obama at the start of his administration. It has been tasked with leading a team of National Security Council staffers who coordinate the administration's approach to numerous matters, including election security, responding to nation-state hackers and developing policies on encryption.

Eliminating the role might signal to other countries "that the U.S. is taking the gas pedal off of cybersecurity as a key national security issue," Megan Stifel, a former NSC director for international cyber policy, told Politico. "With no one at the helm at the White House to manage this process, I worry about which countries will step in."

The role is currently held by the departing Joyce, who previously led the NSA's Tailored Access Operations team - its top hacking group - and who reportedly plans to return to the NSA (see The Evolving Hacker Mantra: Simplicity).


Rob Joyce discusses how the White House cybersecurity coordinator role operates in this excerpt from his keynote speech at the "Cyber at the Crossroads" conference at the University of Maryland University College on Oct. 10, 2017.

Joyce has described the role as being essential for coordinating policies in a White House in which "there's a lot of differing opinions about the right way ahead."

Follows Bossert's Ouster

Joyce's planned departure follows that of his boss, Tom Bossert, who served as the White House assistant for homeland security and counterterrorism from the start of Trump's administration until April 10. Assistants to the president are the top-level of senior staff within the Executive Office of the President.

During his tenure, Bossert was instrumental in guiding the White House's approach to cybersecurity matters (see Who Is Trump's Top Security Adviser Tom Bossert?). Notably, Bossert called out North Korea for being behind WannaCry and also briefed the nation on President Trump's cybersecurity executive order.

Tom Bossert, then the Trump administration's homeland security adviser, briefs the White House press corps on Trump's cybersecurity executive order, on May 11, 2017.

Joyce, meanwhile, reportedly drove the administration to hold the nation-states behind state-sponsored hacking campaigns to greater account, and also pushed for the U.S. government to share more vulnerability details with the private sector via its so-called Vulnerabilities Equities Process (see Post-WannaCry, Microsoft Slams Spy Agency Exploit-Hoarding).

Bossert's departure appears to have been engineered by John Bolton, who on April 9 began serving as the White House national security adviser. Politico reports that Bolton's deputy, Mira Ricardel, might absorb the cybersecurity coordinator function into her office.

Such a move might presage Bolton and Ricardel not seeking to coordinate the administration's cybersecurity policy so much as set it.

Joyce Cancels RSA Appearance

Bossert oversaw Joyce's work. Since Bossert's departure, Joyce has been temporarily filling his shoes.

"The United States possesses a full spectrum of response options - both seen and unseen - and we will use them to call out malign behavior, punish it, and deter future cyber hostility," Department of Homeland Security Secretary Kirstjen M. Nielsen said in a presentation at the RSA conference in April. (Photo: Mathew Schwartz)

Joyce had been due to deliver a keynote presentation on "Cybersecurity: A View From the White House" at last month's RSA Conference in San Francisco but canceled at the last minute, prompting speculation that he might be departing the White House.

Despite his absence, the conference did feature participation by other officials, including Department of Homeland Security Secretary Kirstjen M. Nielsen (see DHS Secretary: US Won't Tolerate Cyber Meddling).

The National Security Agency's David Hogue, who's in charge of defending the U.S. Department of Defense's unclassified networks, also shared attack insights gleaned from the DOD's security operations center (see NSA: The Silence of the Zero Days).

Returning to NSA

Joyce reportedly plans to depart on Friday. A White House official told Reuters on April 17: "Joyce is three months past his detail of a year and is deciding to return to NSA."

Joyce has been lauded for his technical acumen, with some contrasting his expertise with that of his predecessor, Michael Daniel, who came under fire from some quarters for not being an information security expert (see In Defense of Michael Daniel).

Speaking to Reuters, Robert Lee, a former U.S. intelligence officer and president of industrial control system cybersecurity firm Dragos, says of Joyce: "He'll be missed in the position but hopefully set a standard that future appointments to the position will follow."



About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.