As the details of the latest apparent Russian cyberattack came into focus this week, all of the news was bad. By late yesterday afternoon, U.S. officials had issued an urgent warning that the cyberoffensive was "a grave risk to the federal government."
It's a multifaceted problem, which is drawing renewed scrutiny of Donald Trump's record on the issue, especially as he chooses not to condemn the alleged intrusion.
Halfway through his first year in the White House, for example, the American president had a private chat with Russian President Vladimir Putin, after which the Republican announced plans to partner with Russia on an "impenetrable Cyber Security unit." The blowback was fierce enough that Trump quickly retreated, but there were several related steps that actually happened.
For example, less than a year after the proposed partnership with Putin, the Trump White House eliminated the job of the nation's cyber-security czar, as part of John Bolton's reorganization of the National Security Council. The New York Times reported at the time, "Cyber-security experts and members of Congress said they were mystified by the move.... It was the latest in a series of steps that appeared to run counter to the prevailing view in Washington of cybersecurity's importance."
A year ago this week, Josephine Wolff, an assistant professor of cybersecurity policy at the Tufts Fletcher School of Law and Diplomacy, wrote an op-ed intended to highlight vulnerabilities in the U.S. cyberinfrastructure. Wolff paid particular attention to a series of key personnel changes and "the mass departures of cybersecurity staff" within the administration.
Turnover in the federal government is normal, and cybersecurity professionals, in particular, have plenty of outside career options should they choose to leave. But taken together, the departures by high-level cybersecurity officials in the last half of 2019 amount to more than just the expected churn of government officials — they signify the systematic decimation of the personnel most directly responsible for protecting critical infrastructure, shielding our elections from interference and guarding the White House's data, devices and networks.
The prescient op-ed concluded with the professor expressing concern about "the increasingly sophisticated forms of cyberespionage and cybersabotage being developed by our adversaries," which the Trump administration seemed ill-equipped to address.
The issue has not gone unnoticed on Capitol Hill, where lawmakers spent months on the National Defense Authorization Act (NDAA), devoting a chunk of the package to, as the New York Times reported today, that "would help protect against the kind of broad Russian hacking discovered in recent days."
The military bill contains two dozen provisions to strengthen cyberdefenses. It gives the federal government the ability to actively hunt for foreign hackers trying to penetrate computer networks and establishes of a national cyberdirector who would coordinate the government's defenses and responses to such attacks.
Sen. Angus King (I-Maine) called it "the most important cyber legislation ever passed by the U.S. Congress."
Donald Trump is nevertheless eager to veto the bill, making his record on the issue just a little worse.