Perimeter

4/17/2018
06:50 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Trump Administration Cyber Czar Rob Joyce to Return to the NSA

First year of Trump White House's cybersecurity policy mostly followed in the footsteps of the Obama administration.

RSA CONFERENCE 2018 – San Francisco – White House cybersecurity coordinator for the National Security Council and former National Security Agency official Rob Joyce plans to step down from his post and rejoin the intelligence agency.

Joyce, who was widely respected among cybersecurity industry experts, left on the heels of his supervisor, Tom Bossert, homeland security advisor, this month after President Trump named John Bolton as his new National Security Advisor replacing H.R. McMaster. While Bossert's departure is believed to be tied to Bolton's arrival, Trump administration officials have said Joyce is leaving on his own accord, and will remain in his position until Bolton selects a replacement.

Kirstjen Nielsen, who delivered a keynote address here today, told reporters that Joyce likely will remain on the job at the White House for another 30 days.

Joyce, the former chief of the NSA's elite hacking team's office of Tailored Access Operations (TAO), led the administration's cyber security policy for the past year for the White House. Overall, Trump's cybersecurity policy didn't veer much away from that of his predecessor: his May 2017 Executive Order for the most part echoes and builds on policies of previous administrations, including FISMA and the Obama administration's critical infrastructure EO. 

The White House initially extended Obama's December 2016 "national emergency" EO that ultimately led to sanctions against Russia for hacking and other attempts to tamper with the outcome of the US election. In March of this year - one year later - the administration levied financial sanctions of its own against five organizations and 15 individuals in Russia, and also issued an alert on that nation's targeting of US critical infrastructure and energy networks.

Five Russians named by the administration in its sanctions move had previously been sanctioned under the Obama administration.

Joan O'Hara, acting National Security advisor to the Office of the Vice President, here today made it clear the administration considers cyberthreats a priority. "The administration is very clear-eyed about the threats we face from nation-states," O'Hara said today prior to a federal cyberattack threat simulation exercise at the RSA Conference. "Cyberattacks are among the most serious attacks we face in terms of national security … The administration takes this very seriously and is doing a lot to face this challenge."

Among the Trump administration's efforts, she said, are calling out malicious nation-state actors, and placing sanctions on those adversaries, in an apparent nod to recent sanctions on Russian and Iranian officials for their attacks on US organizations and agencies. "President Trump has elevated the US CyberCommand," she noted, and is working to improve the security of federal agency networks as well as helping the private sector "leverage the best of American skill and ingenuity," she said.

Suzanne Spaulding, former DHS undersecretary for the National Protection and Programs Directorate (NPPD) in the Obama administration, said in an interview here that there's been "a lot of continuity" with the current administration's cybersecurity policy and activity with that of Obama's.

Spaulding, who is now a senior advisor for the Center for Strategic and International Studies, said she's not concerned about the current administration turning up the heat on nation-state adversaries: "I don't worry they aren't going to be proactive" or aggressive in their cyber response, she said. "But I do worry whether they have the 'troops' in place. So they may have the intentions and instincts … but you really do need to have people confirmed in positions to implement it."

"I feel good about the team at DHS, and the Secretary Nielsen has a cyber background. My sense is they are moving out in really smart ways," she said.

Michael Daniel, who served as Obama's cybersecurity coordinator, pointed to a tradition of relative continuity down the line of presidents, from Bill Clinton to George W. Bush, Obama, and then Trump. "Most policy changes tend to be evolutionary versus revolutionary," Daniel said of US cybersecurity policy. Even so, he said, "Rob's departure is going to slow down policy work," in the interim.

Bossert's and Joyce's departures come at a sensitive time geopolitically, given tensions between the US and Russia, North Korea, and Iran. "My question is where is the overall cybersecurity policy?" says Chris Pierson, CEO of Binary Sun Cyber Risk Advisors.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for a two-day Cybersecurity Crash Course at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the agenda here. Register with Promo Code DR200 and save $200.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
8 Security Tips to Gift Your Loved Ones For the Holidays
Steve Zurier, Freelance Writer,  12/18/2018
How to Engage Your Cyber Enemies
Guy Nizan, CEO at Intsights Cyber Intelligence,  12/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
[Sponsored Content] The State of Encryption and How to Improve It
[Sponsored Content] The State of Encryption and How to Improve It
Encryption and access controls are considered to be the ultimate safeguards to ensure the security and confidentiality of data, which is why they're mandated in so many compliance and regulatory standards. While the cybersecurity market boasts a wide variety of encryption technologies, many data breaches reveal that sensitive and personal data has often been left unencrypted and, therefore, vulnerable.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-16883
PUBLISHED: 2018-12-19
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
CVE-2018-17192
PUBLISHED: 2018-12-19
The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on th...
CVE-2018-17193
PUBLISHED: 2018-12-19
The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a prior ...
CVE-2018-17194
PUBLISHED: 2018-12-19
When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. On a DELETE request, the body was ignored, but if the initial request had a Content-Length value other than 0, the receiving nodes would wait for the body and even...
CVE-2018-17195
PUBLISHED: 2018-12-19
The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same subnet access, a...