President Trump on Thursday finally sent Congress a classified cybersecurity report detailing U.S. policy for defending the country against foreign nation state hackers.
The document was sent to the House and Senate committees with oversight of the departments of State, Homeland Security (DHS), Defense and Justice, The Hill reported. An accompanying letter announcing the report apparently didn’t provide any details of its contents.
Trump has been repeatedly criticized for not sufficiently addressing the cybersecurity threats facing the nation. Earlier this year, he asked Congress for $3.4 billion to fund a DHS division tasked with battling cyber threats to federal networks and critical infrastructure. A defense policy law rubber stamped last year required Trump to craft a national cybersecurity policy.
Cybersecurity Brain Drain; International Concerns
The administration’s newly documented cybersecurity strategy follows the departure of two key team officials, and a new joint Technical Alert compiled by the DHS, the Federal Bureau of Investigation (FBI) and the United Kingdom’s National Cyber Security Centre (NCSC). The warning provides information on the worldwide cyber exploitation of network infrastructure devices by Russian state-sponsored cyber actors.
Meanwhile, Rob Joyce, the feds’ cybersecurity coordinator, said earlier this week that he will return to the National Security Agency (NSA) where he’s worked for 25 years, ending a 14-month detail at the White House. Joyce, who commands extensive cybersecurity expertise, walked less than a week after DHS advisor Tom Bossert resigned on April 10.
Joyce and Bossert served as a liaison between the White House’s cybersecurity initiatives, Congressional legislators and the private sector. Both departures throw the President’s cybersecurity policies into deeper uncertainty: It’s difficult to know how the leadership shakeup will affect policy formulation but there’s a lot on the line. Joyce was a strong advocate of holding nation state hackers responsible for cyber attacks. For now, businesses worried about cybersecurity attacks won’t have an inside contact.
And Bossert, who previously served as a homeland security official under former president George W. Bush, championed cybersecurity and is said to have had a strong hand in the President’s cybersecurity executive order of 2017. It was Bossert who brought Joyce to Trump’s cybersecurity team (via The Hill).
NSC Changes Coming
With the exit of both Joyce and Bossert, new national security adviser John Bolton signaled he intends to overhaul the National Security Council (NSC). At this point, it’s not clear if or who Bolton will appoint to fill the former officials’ roles. It’s also possible that other agencies, such as DHS, will be tapped to implement the President’s cybersecurity framework.
Rep. John Ratcliffe (R-Texas), who chairs the House Homeland Security subcommittee on cybersecurity and is a strong supporter of Bossert and Joyce, told The Hill that while both team leaders will be difficult to replace, “you can replace great people with other great people.”
Joyce will stay on to help the administration transition to his replacement.
Late last year, seven members of the 27-seat National Infrastructure Advisory Council, which extends to national cybersecurity, resigned, pointing to Trump’s inadequate response to hacking threats.