Will Trump’s White House Cyber Chief Be Caught in Intel Crossfire?

With two weeks until President-elect Donald Trump is sworn in, few issues loom as large as the real estate mogul’s ongoing battle with the U.S. intelligence community over its assertions that Russian hackers interfered with the U.S. election.

Caught in the middle of that increasingly acrimonious fight will be Tom Bossert, Trump’s pick for homeland security and counterterrorism advisor, who will shoulder responsibility inside the White House for cybersecurity. This week, Trump again attacked U.S. intelligence officials who are preparing dossiers on Russian involvement in the hacks. On Thursday, James Clapper, America’s top intelligence official, fired back at Trump, telling a Senate panel that the evidence of Russian interference is stronger than ever. On Friday, top U.S. intelligence officials met with Trump and his advisers, including Bossert, to personally brief them on their report documenting Russia’s hacking and leaking campaign. Shortly before that briefing, Trump doubled down on his attacks, calling the investigation a “political witch hunt.” 

Cyber-issues are more important today than they were the last time Bossert worked in the White House, as a well-regarded, analytically minded homeland security deputy under George W. Bush, also handling cybersecurity. Last week, the Obama administration announced long-delayed reprisals against Russia for its cyber-meddling in the election. Moscow, in contrast, said it would hold off taking any action until Trump assumes office, tendering an olive branch to the next administration.

But that olive branch may be rebuffed, at least by some. Bossert has advocated for tougher measures against countries that attack the United States in cyberspace. “What we can do is what we can get away with,” he said during a 2013 Atlantic Council panel. And he’ll be joined in the next administration by a host of other hawks, including future national security advisor Michael Flynn and his deputy as well as incoming Defense Secretary James Mattis, who’ve called for a much more muscular approach to deterring foes in cyberspace.

“I believe Tom will push for more aggressive deterrence measures against nation-state threat actors that misbehave in cyber than what we have seen from the Obama administration,” said Dmitri Alperovitch, the co-founder of the security firm CrowdStrike and who worked with Bossert while they served as fellows at the Atlantic Council, a Washington think tank.

For example, faced with hugely disruptive cyberattacks from Chinese hackers in recent years, Alperovitch recalls that Bossert consistently advocated pressing Beijing and threatening it with sanctions if hackers didn’t back off. The Obama administration, after prolonged internal debate and hundreds of billions of dollars in economic losses, only took action against Chinese commercial hackers in 2015.

And Bossert will have a greatly expanded toolkit since he last handled cyber in the White House. At the time, Bossert was one of the few aides in the White House clamoring for more staff and resources for cyber-issues, said Daniel Kaniewski, who worked with Bossert on the Homeland Security Council and is now at Georgetown University.

Bossert did not respond to requests for comment.

Today, cyber plays a much bigger role in U.S. offensive capabilities — but also in its vulnerabilities. The Obama administration launched major cyberattacks to slow down Iran’s nuclear program, for example. Obama further broadened the next administration’s capabilities by expanding presidential power to sanction those involved in cyberattacks. Last week, he expanded that authority to retaliate against attacks on the U.S. election system. But a proliferation of commercial hacks and cyber-espionage in recent years have also underscored how much more vulnerable the United States is to malicious hackers than it was in years past.

What’s not clear is whether Bossert, despite his past clamor for a tougher stance on hostile countries, will essentially pass the buck for cyber-security to the private sector. Though Trump floated the idea of making U.S. cyber-defense a job for the military — defense of civilian networks rests with the Department of Homeland Security — Bossert touts “free-market” solutions.

“We must work toward cyber doctrine that reflects the wisdom of free markets, private competition and the important but limited role of government in establishing and enforcing the rule of law, honoring the rights of personal property, the benefits of free and fair trade, and the fundamental principles of liberty,” Bossert said in a statement accompanying his appointment.

According to a cybersecurity executive who did not wish to appear to be criticizing the incoming administration, Bossert’s statement signals that “companies are on their own for dealing with cyberattacks, no matter who it is from.” That hands-off attitude would mean a likely larger role in the years to come for private-sector cyber-defense and incident response, he said.

Though an establishment Republican national security hand, Bossert never was a vocal “Never Trump” critic during the campaign, keeping a door open for him. But that doesn’t guarantee a congenial fit in the Trump administration, either, staffed as it is with conspiracy-theory hawkers like Trump, Flynn, and White House strategist Steve Bannon.

Ken Wainstein, a former Homeland Security advisor to Bush, described Bossert as “very rational and analytical,” as someone who will “get the facts from the intelligence community.” When he gives his assessment to the president, Wainstein said, it “will be based on the facts.”

Such an approach contrasts with Trump, who claims to have better intelligence than the professionals charged with briefing him, and continues to dismiss consensus conclusions from the U.S. intelligence community about Moscow’s role in the election.

“Professionals in this space are very used to laying out the facts as they see them and giving advice, and it not always coming to fruition,” said a former National Security Council official who spoke on condition of anonymity to describe the interactions between a president and his staff.

The question, he said, is what happens next. A president dismissing the advice of a top cybersecurity official out of principled disagreement is one thing; doing so out of personal motives, “that’s another story.”

And Trump’s continued dalliance with Julian Assange, the exiled Australian founder of the internet leak site Wikileaks, to discredit the U.S. intelligence community raises plenty of questions in Congress about those motives.

“With every conspiracy theory-laden tweet and erratic off-the-cuff comment, the president-elect does damage to our national security, while raising new concerns about his capacity to grow into the job,” said Rep. Adam Schiff, the ranking Democrat on the House Intelligence Committee.

“That he would accept the transparently self-serving denials of the Kremlin is alarming enough, but that he would now cite people like Assange who have demonstrated universal hostility to the United States and its interests takes him into new and even more treacherous territory.”

Photo credit: DAVID BECKER/Getty Images