But those agency-level actions clashed with the politics of the Trump White House, most visibly in the firing of Krebs in November. Daniels argues that dissonance, as well as a more general lack of attention from the White House, resulted in a disorganized response when the administration faced the surprise of the SolarWinds hack. Even before Trump’s Twitter comments undermining the seriousness of the hacking campaign and the attribution to Russia, Daniels points out, CISA and the NSA each released separate reports about the intrusions that probably ought to have been combined, had each agency been aware of the other’s work. “It’s in the crisis moments that you can see the central leadership really missing,” says Daniels.
More broadly, Daniels argues, the lack of coordination across agencies means lost opportunities to amplify actions with diplomacy, White House statements, or economic pressure. He points, by contrast, to examples of responses to Chinese hacking in the Obama administration, when the White House, State Department, Treasury, and the Department of Justice all closely aligned their messaging that China’s state-sponsored theft of private-sector intellectual property needed to stop. “Whether it was at the secretarial level, whether it was at the presidential level, ambassadors, or elsewhere, part of the talking points was pushing on this issue of the theft of intellectual property. The message was organized and coherent, and it was backed up by things that we were doing in other areas.” The result, Daniels says, was a landmark agreement between Obama and Chinese president Xi Jinping that neither would engage in state-sponsored hacking of the other’s private sector for commercial gain, an agreement that led to an immediate drop-off in Chinese intrusions in US targets.
That sort of coordination has been lacking from the Trump administration most visibly since 2018, when Trump’s then-national security adviser, John Bolton, summarily removed both Rob Joyce, Trump’s cybersecurity coordinator, and homeland security adviser Tom Bossert, Trump’s most senior cybersecurity-focused official. Joyce, who had formerly led the NSA’s elite Tailored Access Operations team, returned to a position at the NSA, but neither he nor Bossert were ever replaced in their White House roles.
Bossert today say he’s been dismayed by the Trump administration’s chaotic response to the SolarWinds breaches, particularly on the question of attributing the operation to a nation-state, which he argues should be the responsibility of the federal government. “It’s important that the government provide some leadership here,” Bossert says. “The government at the very least has a responsibility not to misattribute or cloud the attribution.” Instead, Trump’s tweet casting suspicion on China has only muddied the waters.
Other than this most recent imbroglio, however, Bossert argues that the Trump administration’s aggressive cybersecurity policies have been effective and that they aren’t just an accident or the result of a leadership vacuum. He says that along with Joyce and others in the Trump administration, he tried to instill in officials a preference for action rather than deliberation. He describes a conversation with Joyce early on, in which Joyce told Bossert that they needed to “play jazz music,” as he put it.
“Instead of sitting down and composing a whole orchestra on sheet music, you want to actually make the music by playing it,” says Bossert, who now serves as the president of cybersecurity firm Trinity Cyber. Rather than create policy by debating rules and norms on paper, you create it by taking action. “I said, yeah, we’re going to have a bent toward action and make decisions and policies as we go.” That bent, Bossert says, led to moves to call out North Korea for its use of the destructive WannaCry worm in May 2017, for instance, and to call out and then sanction Russia for its deployment of the even more destructive NotPetya worm that hit the following month.