Former Trump official: No one 'minding the store' at White House on cyberthreats

Michael Isikoff
Chief Investigative Correspondent
Tom Bossert (Photo illustration: Yahoo News; photos: AP (2), Getty Images)

Amid mounting warnings about another Russian cyberattack on the 2018 midterm elections, President Trump’s former homeland security adviser said a recent staff shakeup ordered by national security adviser John Bolton has left the White House with nobody in charge of U.S. cyber policy and raised concerns about “who is minding the store.”

“On cyber, there is no clear person and or clear driver, and there is no clear muscle memory,” said Tom Bossert, who served as White House homeland security adviser until last April, in an interview with the Yahoo News podcast Skullduggery.

“In some way playing jazz music, improvising policy because there is no clear playbook for it,” Bossert said. “And so, yes, if you’re asking me do I have any concerns? The concern would be who’s minding the store in the coordination and development … of new and creative cyber policies and strategies.”

Bossert’s comments were his most unvarnished yet since new national security adviser John Bolton reorganized the White House national security staff and — with no explanation — gave the homeland security adviser his walking papers.

Amid the overall National Security Council shakeup, Rob Joyce, a highly regarded former National Security Agency cybersleuth who served as Bossert’s deputy for cyber policy, also resigned, leaving the White House with no knowledgeable official directly in charge of organizing government-wide responses to malicious cyberattacks from foreign powers or other criminal hackers.

Bossert also said that he was “disappointed” in Trump’s press conference with Russian President Vladimir Putin, during which the president seemed to question the U.S. government’s own evidence pointing to Russia’s cyberattacks during the U.S. election. This was especially an issue for Bossert since he had personally briefed the president on more than one occasion about the clear forensic evidence that Russia was behind the cyberattacks, leaving him puzzled that Trump would even raise the question about why the FBI never seized the Democratic National Committee computer server — something that Bossert said was of little forensic value.

We talked extensively on cybersecurity,” said Bossert about his briefings with Trump. “I thought we had a sufficient number of conversations on this particular matter.”

“So look, I don’t mean to pile on him. I’ve stated I was pretty disappointed — I think others have — in the president’s press conference performance,” Bossert added. “He needed to correct that; it seemed to be appeasing Putin far too much. In fact, it seemed oddly to suggest he believed Putin’s galling  assertions and dismissals.”

Bossert came to the homeland security post with extensive experience in dealing with cyberattacks, having served on the NSC staff under President George W. Bush. As he explained it, he was the official designated to personally inform the campaign of then candidate Barrack Obama that Chinese hackers had infiltrated its computers during the 2008 election. (At the same time, the Chinese had penetrated the computers of Republican candidate John McCain as well.)

But Bossert said that Bolton made it clear that he wanted a new “organizational structure” with a smaller NSC staff. (Bolton has since downgraded Bossert’s position and replaced him with a Coast Guard admiral, Doug Fears.)

“What I hope is that the portfolio that I had isn’t neglected.” Bossert said. “So I think it’s not for me to comment on their current organization structure. I’m going to watch it and see if there is any change in performance, but I’m rooting for them.” He described his final talk with Trump as bittersweet. He and the president had a “very heartfelt and long conversation about it, and I think it’s safe to say that I was a bit sad to leave and he was a bit sad to see me go and he’s got my support in spirit,” Bossert said. “If that organizational structure doesn’t work, it’ll be a shame because it’ll be a failure to him. It wasn’t his idea.”

Download or subscribe on iTunes: “Skullduggery” by Yahoo News

Bossert made his comments while attending the Aspen Security Forum — an annual gathering of national security professionals and journalists that was dominated this year by discussion about the potential for another Russian cyberattack on the midterm elections. Those concerns were ramped up when, on the eve of the conference, Director of National Intelligence Dan Coats said the “warning lights are blinking red” of another Russian cyberattack on the country’s infrastructure.

In one panel at the conference, Bossert raised, as an example of the ongoing threat, a massive 2017 Russian cyberattack, dubbed NotPetya, that crippled Ukraine’s financial, energy and government sectors.

The malware inserted by Russian state hackers in Ukrainian computers during that attack then spun out of control and ended up infecting critical systems in the United States and the United Kingdom.

“They engaged in absolutely reckless behavior and that, you might recall, it ended up causing billions of dollars of loss in Western Europe and the United States,” Bossert said during his Skullduggery interview. “And it also shut down three American ports for a period of a couple of days each. That was a tremendous, tremendous blow.”

While still in the White House, Bossert led the U.S. government effort to publicly attribute the NotPetya attack to Russian military intelligence and to ratchet up sanctions. It was an exercise that, Bossert said, showed the importance of a vigorous U.S. role in combatting the growing plague of cyber-intrusions.

“We have to lead,” he said. “The United States has to take action to turn that kind of improvising playbook into a written down set of rules based on action. We make some mistakes along the way, that’s better than not acting.”


More “Skullduggery” from Yahoo News: