Several news outlets today reported on the announcement that President-elect Trump has chosen Tom Bossert to be homeland security adviser. The President-elect particularly praised Bossert’s expertise in the cyber realm. One report said that Bossert will have an elevated status in the administration and will be “independent.” Bossert previously served in the Bush administration, where he helped author one of the nation’s first cyber strategies. He has been President of the risk management firm Civil Defense Solutions, and a Zurich Cyber Risk Fellow at the Atlantic Council’s Cyber Statecraft Initiative.
Another article quoted Bossert as stating that the U.S. “must work toward [a] cyber doctrine that reflects the wisdom of free markets, private competition and the important but limited role of government in establishing and enforcing the rule of law, honoring the rights of personal property, the benefits of free and fair trade, and the fundamental principles of liberty.”
Commentary
Much of the focus on cybersecurity since the November elections has shifted from alleged Russian meddling in the election to what the new year and new administration will mean for cybersecurity. The vast majority of that has been speculation and a wide variety of recommendations for President Trump. The announcement today provides the first solid insight as to what Trump’s cyber policies may consist of.
I feel it is worth noting that Trump feels confident enough in Bossert to give him independent status. The WSJ article referenced above claimed that Bossert will have the same level of authority as Lt. Gen. Michael Flynn. With such great deference given to Bossert, it is possible that he be one of, if not the lead player in shaping cyber policy for the next four years.
Included below is the Bush administration cyber strategy that Bossert is reported to have helped author. The strategy was mainly a laissez-faire approach. The goals of the National Strategy to Secure Cyberspace were (1) prevent cyber attacks against America’s critical infrastructure; (2) reduce national vulnerability to cyber attacks; and (3) minimize damage and recovery time from cyber attacks that do occur. These are all fairly obvious objectives. The administration also placed most of the burden on the private sector, claiming that it was “best equipped” to handle it. The government did have a role in limited situations, but it wasn’t much. The strategy really focused on the development of public-private partnerships, an idea we still see frequently today in the cyber realm.
Bossert’s recent quote about his views of the government’s role in cyber seem to parallel the key components of the 2003 National Strategy. While the President-elect’s campaign and actions have yet to yield any clear cyber positions, it is possible that today’s announcement has provided some insight into what may be a limited role for the government in coming years.
Leave a Reply