National Security Adviser John Bolton's alleged push to eliminate the White House's cybersecurity coordinator position with the departure of Rob Joyce has raised concerns that the administration will backburner cybersecurity.
“This is a major mistake and a poor message to send to the world,” said Joseph Carson, chief security scientist at Thycotic, who cited a World Economic Forum report calling out cyberattacks as “the third greatest impact to global economies” behind natural disasters and climate change. “If Mr. Bolton eliminates the essential White House Cybersecurity job without a concrete plan to keep all government agencies aligned, this could be the second greatest mistake by the White House following the withdrawal of the Paris Agreement.”
President Obama fulfilled a campaign pledge to prioritize cybersecurity by creating the position and, in 2009, tapping the late Howard Schmidt, a former police officer who parlayed a passion for technology into chief security roles at eBay, Microsoft and the White House, as the first White House cybersecurity coordinator.
Carson said he would be surprised if the duties of the position consequently fell to Bolton's deputy, Mira Ricardel, as was suggested by a source cited in a Politico report. “It really needs someone with expertise and knowledge on the cyber threat landscape and not another lawyer. Though, the U.S. could do with some legal improvements to combat cybercrime.”
Noting that information cyberwars have become a major disruption to the American way of life and cyberattacks continue to cross borders, making it nearly impossible to determine attribution, Carson said nation-state cooperation and transparency are more critical than ever before. Otherwise, cybercriminal groups, some of them state-sanctioned, will continue to attack the private sector and governments. “This will continue to grow as a major problem with a possibility of a full cyberwar as retaliation and with no expert in the White House to see through the fog of threats then this could result in a major disaster,” he said. “I know that autonomous vehicles allow you to get around without driving but with cybersecurity you really need an expert in the driving seat and this could mean no one is driving the White House on protecting the citizens from cyberattacks.”
Just hours before announcing in April that he would resign, Joyce said the U.S. was prepared to take aggressive action against Russia for a recent, extended campaign of cyberattacks on infrastructure assets around the world by compromising devices such as routers and firewalls.
“When we see malicious cyberactivity, whether it be from the Kremlin or other nation-state actors, we are going to push back,” Joyce told reporters after the U.S. and the U.K. laid the blame for the attacks squarely on Russia's shoulders.
“It is clear to everybody that cybersecurity needs to be the highest priority at all levels. Not having a dedicated person focused on the cybersecurity strategy causes two different challenges - one is the fact that there will be no dedicated focus on public-private cybersecurity strategies, cyber laws etc. … and second is that it will send a wrong message to other nations and malicious actors,” said Rishi Bhargava, co-founder of Demisto.
Bhargava underscored the importance of having a pro in the White House focused on cybersecurity. “We have all seen in our careers that anytime you put dedicated focus and a dedicated person with responsibility on any task that does get done better and faster,” he said. “Even though the current proposal says that the cybersecurity duties will be adopted by somebody already in place, it does mean that the overall strategies and actions will suffer if there is no dedicated person to this matter.”
But David Ginsburg, vice president of marketing at Cavirin, said the elimination of the White House cybersecurity coordinator position doesn't necessarily mean that the U.S. is demoting cybersecurity but rather may make it a priority under the umbrella of the military. “Initial reporting doesn't mention that the U.S. has just elevated this to a major command, recognizing the severity and potential impact of cyberwarfare and the need to protect the overall cyber posture of the U.S.,” said Ginsburg. “Many believe that it may be too much transfer of what could be considered a civilian function to the military, however, that is the world we live in today. It is not like a Drug Czar or a cabinet secretary dealing with education or housing. A concerted external attack is an existential threat against the U.S., and the attackers are many times military (China, North Korea, Russia).”