But these agency-level actions clashed with Trump’s White House policies, most visibly in the dismissal of Krebs in November. Daniels argues that the dissonance, along with a more general lack of attention on the part of the White House, resulted in a disorganized response when the administration was faced with the surprise of the SolarWinds hack. Even before Trump’s Twitter comments undermined the severity of the hacking campaign and attribution to Russia, Daniels points out, CISA and the NSA each issued separate reports of the intrusions that likely should have been combined, though each agency was aware of the other’s work. . “It’s in times of crisis that you can see the central management really absent,” Daniels says.
More generally, according to Daniels, the lack of coordination between agencies means lost opportunities to amplify actions through diplomacy, White House statements or economic pressure. He, by contrast, cites examples of responses to Chinese hacking in the Obama administration, when the White House, State Department, Treasury, and Justice Department all closely aligned their message that property theft intellectual private sector by the Chinese state needed to stop. “Whether at the level of the secretariat, whether at the presidential level, ambassadors or elsewhere, part of the discussion points focused on this issue of theft of intellectual property. The message was organized and cohesive, and it was supported by things we were doing in other areas. The result, Daniels said, was a historic agreement between Obama and Chinese President Xi Jinping that neither would engage in state hacking of the other’s private sector for commercial gain, a deal that led to an immediate drop in Chinese intrusions into US targets.
This kind of coordination has been very clearly lacking in the Trump administration since 2018, when Trump’s national security adviser John Bolton summarily removed Rob Joyce, Trump’s cybersecurity coordinator, and homeland security adviser. Tom Bossert, Trump’s official top cybersecurity official. Joyce, who previously led the NSA’s elite bespoke access operations team, took over a post at the NSA, but neither he nor Bossert was ever replaced in their White House roles.
Bossert said today he was appalled at the Trump administration’s chaotic response to SolarWinds violations, particularly over the issue of attribution of the operation to a nation-state, which he said should fall under the responsibility of the federal government. “It’s important for the government to show leadership here,” Bossert says. “The government has at the very least the responsibility not to misallow or obscure the attribution.” Instead, Trump’s tweet casting suspicion on China only muddied the waters.
Outside of this most recent mess, however, Bossert argues that the Trump administration’s aggressive cybersecurity policies have been effective and that they are not simply an accident or the result of a leadership vacuum. He says along with Joyce and other members of the Trump administration, he tried to instill in officials a preference for action over deliberation. He describes a conversation with Joyce at the start, in which Joyce told Bossert that they needed to “play jazz music,” as he put it.
“Instead of sitting down and composing an entire orchestra to sheet music, you actually want to make music while playing it,” says Bossert, who is now president of cybersecurity firm Trinity Cyber. Rather than creating policy by debating rules and standards on paper, you create it by taking action. “I said, yes, we’re going to lean into action and make decisions and policies as we go.” This fold, says Bossert, led to movements call on North Korea for its use of the destructive WannaCry worm in May 2017, for example, and then call sanction Russia for its deployment of the even more destructive NotPetya worm that hit the following month.