Perimeter

4/17/2018
06:50 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Trump Administration Cyber Czar Rob Joyce to Return to the NSA

First year of Trump White House's cybersecurity policy mostly followed in the footsteps of the Obama administration.

RSA CONFERENCE 2018 – San Francisco – White House cybersecurity coordinator for the National Security Council and former National Security Agency official Rob Joyce plans to step down from his post and rejoin the intelligence agency.

Joyce, who was widely respected among cybersecurity industry experts, left on the heels of his supervisor, Tom Bossert, homeland security advisor, this month after President Trump named John Bolton as his new National Security Advisor replacing H.R. McMaster. While Bossert's departure is believed to be tied to Bolton's arrival, Trump administration officials have said Joyce is leaving on his own accord, and will remain in his position until Bolton selects a replacement.

Kirstjen Nielsen, who delivered a keynote address here today, told reporters that Joyce likely will remain on the job at the White House for another 30 days.

Joyce, the former chief of the NSA's elite hacking team's office of Tailored Access Operations (TAO), led the administration's cyber security policy for the past year for the White House. Overall, Trump's cybersecurity policy didn't veer much away from that of his predecessor: his May 2017 Executive Order for the most part echoes and builds on policies of previous administrations, including FISMA and the Obama administration's critical infrastructure EO. 

The White House initially extended Obama's December 2016 "national emergency" EO that ultimately led to sanctions against Russia for hacking and other attempts to tamper with the outcome of the US election. In March of this year - one year later - the administration levied financial sanctions of its own against five organizations and 15 individuals in Russia, and also issued an alert on that nation's targeting of US critical infrastructure and energy networks.

Five Russians named by the administration in its sanctions move had previously been sanctioned under the Obama administration.

Joan O'Hara, acting National Security advisor to the Office of the Vice President, here today made it clear the administration considers cyberthreats a priority. "The administration is very clear-eyed about the threats we face from nation-states," O'Hara said today prior to a federal cyberattack threat simulation exercise at the RSA Conference. "Cyberattacks are among the most serious attacks we face in terms of national security … The administration takes this very seriously and is doing a lot to face this challenge."

Among the Trump administration's efforts, she said, are calling out malicious nation-state actors, and placing sanctions on those adversaries, in an apparent nod to recent sanctions on Russian and Iranian officials for their attacks on US organizations and agencies. "President Trump has elevated the US CyberCommand," she noted, and is working to improve the security of federal agency networks as well as helping the private sector "leverage the best of American skill and ingenuity," she said.

Suzanne Spaulding, former DHS undersecretary for the National Protection and Programs Directorate (NPPD) in the Obama administration, said in an interview here that there's been "a lot of continuity" with the current administration's cybersecurity policy and activity with that of Obama's.

Spaulding, who is now a senior advisor for the Center for Strategic and International Studies, said she's not concerned about the current administration turning up the heat on nation-state adversaries: "I don't worry they aren't going to be proactive" or aggressive in their cyber response, she said. "But I do worry whether they have the 'troops' in place. So they may have the intentions and instincts … but you really do need to have people confirmed in positions to implement it."

"I feel good about the team at DHS, and the Secretary Nielsen has a cyber background. My sense is they are moving out in really smart ways," she said.

Michael Daniel, who served as Obama's cybersecurity coordinator, pointed to a tradition of relative continuity down the line of presidents, from Bill Clinton to George W. Bush, Obama, and then Trump. "Most policy changes tend to be evolutionary versus revolutionary," Daniel said of US cybersecurity policy. Even so, he said, "Rob's departure is going to slow down policy work," in the interim.

Bossert's and Joyce's departures come at a sensitive time geopolitically, given tensions between the US and Russia, North Korea, and Iran. "My question is where is the overall cybersecurity policy?" says Chris Pierson, CEO of Binary Sun Cyber Risk Advisors.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for a two-day Cybersecurity Crash Course at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the agenda here. Register with Promo Code DR200 and save $200.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Most IT Security Pros Want to Change Jobs
Dark Reading Staff 10/12/2018
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.