![](\"https:\/\/media.wired.com\/photos\/5ad52b8d5f2e234c3e92b7d6\/master\/pass\/rob_joyce_cybersecurity-01.png\"\/)
<\/p>\n<\/p>\n
Credit to Author: Brian Barrett| Date: Mon, 16 Apr 2018 22:56:40 +0000<\/strong><\/p>\n Today, the White <\/span>House confirmed that cybersecurity coordinator Rob Joyce will head back to the National Security Agency, where he previously ran the nation\u2019s top hacking team. His departure comes just a week after Tom Bossert<\/a>, Trump\u2019s cybersecurity czar and Joyce\u2019s boss, was forced out\u2014and leaves the administration without two trusted voices on one of the most important challenges the US faces going forward.<\/p>\n While Bossert\u2019s exit appears to have been engineered by recently installed national security advisor John Bolton, Reuters reports<\/a> that Joyce will leave of his own accord. But whatever the reasons for their respective absences, losing them will slow the ability of the US to think about big-picture cybersecurity concerns. And replacing them may not be easy.<\/p>\n 'Even though no one should be surprised, it doesn\u2019t mean it shouldn\u2019t be an outrage.<\/p>\n Jason Healey, Columbia University<\/p>\n To understand the impact of losing both Bossert and Joyce, it\u2019s important to understand exactly what it is they do. As homeland security adviser, Bossert\u2019s purview extended beyond cybersecurity specifically, but America's security from digital threats has nonetheless been an area of particular focus for him since he served as deputy homeland security advisor in George W. Bush\u2019s second term. It was Bossert who called out<\/a> North Korea for the WannaCry ransomware that threatened to seize up computers around the world in a recent Wall Street Journal editorial, and who briefed<\/a> the nation on Trump\u2019s cybersecurity executive order<\/a> last fall. He was also seen as a potentially stabilizing force<\/a> in a freewheeling administration.<\/p>\n Joyce, meanwhile, brought serious hacker bona fides<\/a> to the White House earned after years of running the NSA's elite hacking team known as Tailored Access Operations. That experience helped navigate everything from if and when US spy agencies disclose valuable vulnerabilities<\/a> to the country\u2019s deterrence strategy<\/a> in an increasingly combative online world.<\/p>\n And combined, the two appear to have led the US reversal in its stance on Russian hacking. Previously, Trump had refused even to acknowledge that Russia had interfered in the 2016 election. Presumably under Bossert and Joyce's guidance, the administration leveled serious sanctions<\/a> just last month against the country for its cyber misdeeds. After they go, it's unclear what line the US might take against Putin's hackers.<\/p>\n In a statement, White House press secretary Sarah Sanders said that Joyce has \u201chas agreed to stay on as needed to provide continuity and facilitate the transition with his replacement.\u201d<\/p>\n Staff upheaval when a new national security advisor comes in isn\u2019t uncommon. But losing the two top people responsible for US cybersecurity policy in short succession\u2014without having replacements lined up\u2014concerns close observers.<\/p>\n \u201cEven though no one should be surprised, it doesn\u2019t mean it shouldn\u2019t be an outrage,\u201d says Jason Healey, a cyberconflict researcher at Columbia University who served the George W. Bush administration as the director of cyber infrastructure protection. \u201cRight when the cyber challenges are going to be significantly picking up, we just don\u2019t have any team there.\u201d<\/p>\n The impact won\u2019t be felt as acutely day to day, says J. Michael Daniel, who served in Joyce\u2019s role under President Barack Obama and currently heads up the Cyber Threat Alliance nonprofit. \u201cOn the incident side, if something bad happens and we need to respond, that can be done and will continue to happen, and I have confidence in our ability to respond to that,\u201d Daniel says.<\/p>\n But until Bolton finds suitable replacements, expect big-picture progress to come to a standstill. \u201cYou would have to expect that there\u2019s going to be a slowdown in the policy process,\u201d says Daniel. \u201cIt would be foolish to think otherwise.\u201d<\/p>\n 'You would have to expect that there\u2019s going to be a slowdown in the policy process.'<\/p>\n J. Michael Daniel, Cyber Threat Alliance<\/p>\n There\u2019s never a good moment to be without cybersecurity policy leadership\u2014well, OK, maybe the 19th century\u2014but these happen to be especially fraught times. Russia has been poking at the US grid<\/a> and routers worldwide. Trump seems determined to decertify the nuclear deal with Iran<\/a>, a country that has seen its share of brazen hacks<\/a> recently. And North Korea remains a geopolitical wild card<\/a> with impressive cybercapabilities<\/a>. Strategies need to be formed. Decisions need to be made. With Bossert gone and Joyce on the way out?<\/p>\n \u201cI guess they just don\u2019t get made,\u201d says Healey.<\/p>\n Finding qualified people to replace Bossert and Joyce also seems daunting. The Trump administration in general has had difficult filling important roles; it has failed to even put forth a nominee for 213 of the 656 key positions requiring a Senate confirmation, per a tracker<\/a> from The Washington Post<\/em> and Partnership for Public Service. It has gotten well fewer than half confirmed. And the curriculum vitae<\/em> required of a White House cybersecurity guru makes for a fairly limited pool of potential candidates. Especially, Healey argues, given the unceremonious manner in which Bossert was ousted.<\/p>\n \u201cWho\u2019s going to take the job after this,\u201d says Healey. \u201cI have a lot of difficulty imagining anyone else that they bring in is either going to know very much or be very well-respected.\u201d<\/p>\n It helps, at least, that Joyce will remain on hand for now. But it doesn\u2019t change the fact that the White House is staring at a big blanks space where its cybersecurity policy blueprint should be, with no apparently plan to sketch it in.<\/p>\n