Hacked to Bits

David Burnett/Contact Press Images
Staffers at the National Security Agency, Fort Meade, Maryland, October 2002

I was attending a cybersecurity conference outside San Francisco several months ago when an alarming bulletin crawled across the bottom of a television screen: “White House cybersecurity czar Tom Bossert to step down.” The room let out a collective gasp. Bossert was generally viewed as one of the few people at the White House who understood computers, computer networks, and information technology—and how it was reshaping the way we think about warfare and conflict.

Bossert had been a deputy homeland security adviser to President George W. Bush and spent two years overseeing critical US infrastructure security. This put him on the front lines as hackers quietly probed American and European nuclear power plants and water and electric systems. When President Trump named him assistant to the president for homeland security and counterterrorism in late 2016, experts were somewhat relieved. Bossert, they hoped, would be a countervailing force in a White House in which the president had famously suggested that meddling in the 2016 election could have been done by Russia, China, or “a 400 pound genius sitting in bed and playing with his computer.”

Late last year, in what appeared to be a change in strategy, the administration publicly announced that North Korea was behind the widespread “WannaCry” attack, in which ransomware rendered hundreds of thousands of computers—including those in the UK’s National Health Service—useless. “Cybersecurity isn’t easy, but simple principles still apply,” Bossert wrote in a Wall Street Journal editorial officially putting Pyongyang on notice.

Accountability is one, cooperation another. They are the cornerstones of security and resilience in any society. In furtherance of both, and after careful investigation, the US today publicly attributes the massive “WannaCry” cyberattack to North Korea.

This past spring, the Department of Homeland Security went further and released screenshots that showed Russian state hackers installing malware on American power plant computers, which would have allowed them not only to seize control of the facilities but potentially sabotage them as well. That was the first time the administration called out Moscow so publicly. After years of obfuscation about what Russian hackers were up to, Bossert and the administration’s cybersecurity officials seemed to be signaling they would be more open about the threat. (More open, but not transparent; details of Russia’s election hack were allowed to remain ambiguous.)

A week after Bossert announced his resignation, there was more personnel news: President Trump’s cybersecurity coordinator, Rob Joyce, said he’d be leaving too. Joyce, a well-respected expert who used to run the Office of Tailored Access Operations, the NSA’s cyber-warfare and intelligence-gathering unit, said he would be returning to his old agency. Soon after, President Trump signed an executive order eliminating the cybersecurity coordinator position. Cybersecurity was clearly a diminishing priority at the National Security Council. (According to Bob Woodward’s…

This is exclusive content for subscribers only.
Get unlimited access to The New York Review for just $1 an issue!

View Offer

Continue reading this article, and thousands more from our archive, for the low introductory rate of just $1 an issue. Choose a Print, Digital, or All Access subscription.

If you are already a subscriber, please be sure you are logged in to your nybooks.com account. You may also need to link your website account to your subscription, which you can do here.