A National Security Council official confirmed on Tuesday that the cybersecurity coordinator position has been scrapped by the White House.
The position, established by President Obama in 2009, was seen as the most senior cybersecurity role in the government. It was previously held by Rob Joyce, who left the post a few weeks ago to return to the NSA. According to Reuters, cyber policy experts, legislators and former officials had urged Trump to replace Joyce rather than eliminating the position.
However, a memo circulated by an aide to the new national security adviser, John Bolton, said the post was no longer necessary, as lower-level officials had already made cybersecurity issues a “core function” of the president’s national security team. The New York Times reported that cybersecurity experts and members of Congress alike were “mystified” by the decision.
“Today’s actions continue an effort to empower National Security Council senior directors. Streamlining management will improve efficiency, reduce bureaucracy and increase accountability,” NSC spokesman Robert Palladino said in a statement.
At a minimum, this decision and the way that it’s being communicated send the wrong signal.
– J. Michael Daniel, President and CEO, Cyber Threat Alliance
Since Bolton’s appointment in March, the White House has seen “a raft of departures”, including Joyce and former Homeland Security Adviser Tom Bossert, who was “pushed out” on Bolton’s second day in the role.
Curtis Dukes, former head of cyber defense at the NSA, called Joyce’s departure “a huge loss for the country”, and Robert Lee, president of Dragos and a former U.S. intelligence officer, commented that many of the previous White House cyber coordinators had backgrounds ill-suited for the job, but that he hoped Joyce’s time in the role would set a standard for successors in the role.
Bossert had also been praised for his actions in his role, with Wired citing hopes that his more measured approach – which “surprised the cybersecurity world by hewing closely to the recommendations of bipartisan experts” – would make him a “voice of reason” in the administration.
The responsibilities of the cybersecurity coordinator role will now be delegated to two senior NSC directors, Joshua Steinman (who the New York Times reports “had little cybersecurity policy experience before joining the N.S.C.”) and Grant Schneider (currently acting United States CISO and senior director for cybersecurity at the NSC).
The decision has caused some controversy.
“At a minimum, this decision and the way that it’s being communicated send the wrong signal,” said J. Michael Daniel, who served as cybersecurity coordinator under President Obama and currently heads up the Cyber Threat Alliance. “Certainly I think that our adversaries could interpret that as a signal that this administration doesn’t take the issue as seriously, regardless of if that’s actually their intent.”
Given the rapidly developing nature of cyberthreats and the need for clear and up-to-date policies in the area, some have questioned the decision to move towards a less centralised decision-making structure.
“I think it’s probably fair that there’s more policy work to be done right now on cyber than in certain other areas, because it is in a formative stage,” says Joshua Geltzer, former senior director for counterterrorism at the NSC and executive director of Georgetown Law School’s Institute for Constitutional Advocacy and Protection. “You’re at a point where you’re seeing new sorts of cyberthreats materialize.”
Daniel commented that: “There’s a reason why you wanted to have a focal point for cybersecurity policy in one position.”
Palladino reassured those concerned about whether this move would in fact improve efficiency, saying “as they sit six feet apart from one another, they will be able to coordinate in real time.”