White House Eliminates Cybersecurity Coordinator Role
The White House eliminated the position of cybersecurity coordinator on the National Security Council on Tuesday, doing away with a post central to developing policy to defend against increasingly sophisticated digital attacks and the use of offensive cyber weapons.
A memorandum circulated by an aide to the new national security adviser, John R. Bolton, said the post was no longer considered necessary because lower-level officials had already made cybersecurity issues a “core function” of the president’s national security team.
Cybersecurity experts and members of Congress said they were mystified by the move, though some suggested Mr. Bolton did not want any competitive power centers emerging inside the national security apparatus.
The decision was criticized by Mark R. Warner, a senator from Virginia and the ranking Democrat on the Senate Intelligence Committee. “I don’t see how getting rid of the top cyber official in the White House does anything to make our country safer from cyber threats,” he wrote on Twitter.
It was the latest in a series of steps that appeared to run counter to the prevailing view in Washington of cybersecurity’s importance.
Two years ago, a commission established by President Barack Obama urged elevating the cybersecurity coordinator job and turning the position into an assistant to the president, on par to the assistant to the president for counterterrorism and homeland security — a reflection that various federal agencies did not have clear lines of authority or clear strategies in cybersecurity.
President Trump began his administration with two respected veterans of cyber policy. He appointed Thomas P. Bossert, a lawyer in the administration of President George W. Bush, as the homeland security adviser.
The cybersecurity coordinator who reported to him, Rob Joyce, had run the Tailored Access Operations unit of the N.S.A. — the unit that, until it was reorganized and renamed, was responsible for breaking into foreign computer systems as part of United States covert operations.
Mr. Bossert and Mr. Joyce said Russia and North Korea were the culprits in major cyberattacks over the last year, and together they developed a system for making more public the decisions about which vulnerabilities to turn over to the private sector for patching — and which to retain in America’s arsenal for possible offensive use.
Mr. Bossert was forced out on Mr. Bolton’s second day on the job, and Mr. Joyce returned to the N.S.A. on Friday.
It is unclear how those issues will now be managed in the White House. Mr. Bolton has virtually no cyber-related experience. When he was last in government, as ambassador to the United Nations under President George W. Bush, cybersecurity was not formally considered a national threat. It is now listed as the No. 1 threat in the annual assessment that the director of national intelligence sends to Congress.
Mr. Bolton has talked about “streamlining” the N.S.C., and so far that appears to have involved reducing many of the new positions created over the past decade.
The elimination of the cybersecurity role is likely to increase concern that the Trump administration is short-handed and unprepared to deal with increasing cybersecurity threats. The White House still has not presented a coherent plan to protect election systems in advance of the fall midterm elections.
Russian hackers are believed to have penetrated election computers in a number of states, though there is no evidence that vote counts were changed. And authorities say hackers with Kremlin ties engaged in a wide-ranging campaign to attack the computer systems of Democratic officials and spread misinformation on social media before and after the 2016 presidential election.
Security experts are also worried that hackers operating out of Iran or Russia could renew their efforts to penetrate computer systems in the United States, including machines that operate critical infrastructure like the electric power grid.
The responsibilities of White House cybersecurity coordinator will be delegated to two members of the N.S.C.’s team.
Joshua Steinman, who had little cybersecurity policy experience before joining the N.S.C., will assume responsibility for offensive policy, including responses to cyberthreats from foreign adversaries. The defensive and homeland security responsibilities will fall to Grant Schneider, who already serves in a dual role as acting United States chief information security officer and senior director for cybersecurity at the N.S.C.
“Moving forward, these senior directors will coordinate cyber matters and policy. As they sit six feet apart from one another, they will be able to coordinate in real time,” Robert Palladino, an N.S.C. spokesman, said in a statement.
Cybersecurity policy experts had been pressing the administration in recent weeks to keep the position. Michael Daniel, who was White House cybersecurity coordinator under the Obama administration, said the Trump administration was sending a message that “cybersecurity is not very important.”
“The position is actually a very important one,” Mr. Daniel said. “The cyber threat landscape only getting worse, it’s not getting easier right now.”