Adequately tracking the arrival and departure - ouster, resignation, fall from grace - of officials in President Donald Trump's White House might be best suited to real-time, multidimensional flowcharts.
But one thing is clear: The White House is facing a looming cybersecurity knowledge and expertise deficit. And that deficit may soon get worse.
"With no one at the helm at the White House to manage this process, I worry about which countries will step in."
In recent weeks, two of the administration's top cybersecurity leaders have either departed or announced their imminent departure, including Rob Joyce, the White House cybersecurity coordinator.
There is also a move afoot in Trump's administration, led by his new, hawkish National Security Adviser, John Bolton, to eliminate the cybersecurity coordinator role altogether, Politico first reported on Wednesday.
Many former insiders, however, have warned that doing so sends a dangerous message at a time when nation-states - especially Russia, China, North Korea and Iran - are increasingly launching online reconnaissance and attack campaigns, with some designed explicitly to destabilize American society (see Russia Will Meddle in US Midterm Elections, Spy Chief Warns).
"This would be a huge step backwards," said Chris Painter, a former coordinator for cyber issues at the U.S. State Department, via Twitter.
This would be a huge step backwards. The time is right to prioritize, not demote, these issues & focused WH coordination & leadership is vital. Sending any signal that we are not prepared to lead makes a difference to our allies & adversaries alike. https://t.co/1AyhSlWVEU— Chris Painter (@C_Painter) May 9, 2018
Role: Cybersecurity Coordinator
The cybersecurity coordinator role was created by President Barack Obama at the start of his administration. It has been tasked with leading a team of National Security Council staffers who coordinate the administration's approach to numerous matters, including election security, responding to nation-state hackers and developing policies on encryption.
Eliminating the role might signal to other countries "that the U.S. is taking the gas pedal off of cybersecurity as a key national security issue," Megan Stifel, a former NSC director for international cyber policy, told Politico. "With no one at the helm at the White House to manage this process, I worry about which countries will step in."
The role is currently held by the departing Joyce, who previously led the NSA's Tailored Access Operations team - its top hacking group - and who reportedly plans to return to the NSA (see The Evolving Hacker Mantra: Simplicity).
Joyce has described the role as being essential for coordinating policies in a White House in which "there's a lot of differing opinions about the right way ahead."
Follows Bossert's Ouster
Joyce's planned departure follows that of his boss, Tom Bossert, who served as the White House assistant for homeland security and counterterrorism from the start of Trump's administration until April 10. Assistants to the president are the top-level of senior staff within the Executive Office of the President.
During his tenure, Bossert was instrumental in guiding the White House's approach to cybersecurity matters (see Who Is Trump's Top Security Adviser Tom Bossert?). Notably, Bossert called out North Korea for being behind WannaCry and also briefed the nation on President Trump's cybersecurity executive order.
Joyce, meanwhile, reportedly drove the administration to hold the nation-states behind state-sponsored hacking campaigns to greater account, and also pushed for the U.S. government to share more vulnerability details with the private sector via its so-called Vulnerabilities Equities Process (see Post-WannaCry, Microsoft Slams Spy Agency Exploit-Hoarding).
Bossert's departure appears to have been engineered by John Bolton, who on April 9 began serving as the White House national security adviser. Politico reports that Bolton's deputy, Mira Ricardel, might absorb the cybersecurity coordinator function into her office.
Such a move might presage Bolton and Ricardel not seeking to coordinate the administration's cybersecurity policy so much as set it.
Joyce Cancels RSA Appearance
Bossert oversaw Joyce's work. Since Bossert's departure, Joyce has been temporarily filling his shoes.
Joyce had been due to deliver a keynote presentation on "Cybersecurity: A View From the White House" at last month's RSA Conference in San Francisco but canceled at the last minute, prompting speculation that he might be departing the White House.
Despite his absence, the conference did feature participation by other officials, including Department of Homeland Security Secretary Kirstjen M. Nielsen (see DHS Secretary: US Won't Tolerate Cyber Meddling).
The National Security Agency's David Hogue, who's in charge of defending the U.S. Department of Defense's unclassified networks, also shared attack insights gleaned from the DOD's security operations center (see NSA: The Silence of the Zero Days).
Returning to NSA
Joyce reportedly plans to depart on Friday. A White House official told Reuters on April 17: "Joyce is three months past his detail of a year and is deciding to return to NSA."
Joyce has been lauded for his technical acumen, with some contrasting his expertise with that of his predecessor, Michael Daniel, who came under fire from some quarters for not being an information security expert (see In Defense of Michael Daniel).
Speaking to Reuters, Robert Lee, a former U.S. intelligence officer and president of industrial control system cybersecurity firm Dragos, says of Joyce: "He'll be missed in the position but hopefully set a standard that future appointments to the position will follow."