In the wake of the White House’s decision to eliminate its top cybersecurity position, a Department of Homeland Security official has called on the U.S. government to robustly engage on cyber policy issues on the world stage.
The Trump administration should have a “strong voice” at internet standards bodies and other global forums, working with allies and non-allies alike, said Jeanette Manfra, assistant secretary for DHS’s Office of Cybersecurity and Communications.
“We have to figure out a way to continue to work together to ensure that the stability of the global system is maintained,” Manfra said Tuesday at the Security Through Innovation Summit, presented by McAfee and produced by CyberScoop.
Manfra did not mention the recently-nixed White House cybersecurity coordinator in her remarks, but that position has traditionally been key to the United States’ international cybersecurity work. At a February conference in Germany, for example, then-White House cybersecurity coordinator Rob Joyce vowed that the U.S. government would “work on the international stage to impose consequences” on Russian hackers.
National security adviser John Bolton’s decision to abolish the White House coordinator last week drew criticism from analysts and lawmakers who said the administration was shirking its responsibilities in cyberspace. Spanning Democratic and Republican administrations, the position had synchronized cyber policy across the federal government’s sprawling bureaucracy.
The State Department also has been without a cybersecurity coordinator since the departure of Christopher Painter 10 months ago, with Deputy Assistant Secretary Robert Strayer serving as the top cyber diplomat. Advocates of U.S. digital diplomacy said former secretary of state Rex Tillerson’s initial decision to downgrade Painter’s office sent the wrong message to the world about U.S. willingness to shape international behavior in cyberspace.
However, in an interview after her remarks, Manfra downplayed any potential impact of the elimination of the coordinators on U.S. policymaking and global engagement in cybersecurity.
The U.S. government has matured in its cyber policymaking to reach “a different type of governance” in which agencies’ policy coordination can happen at a lower level rather than needing to be routed through a top coordinator at the NSC, Manfra told CyberScoop while praising Joyce’s work in the role.
The White House coordinator wasn’t the point-person for U.S. work at global standards bodies, she said.
As for the State Department, Manfra said she hadn’t seen a downturn in the department’s work on cybersecurity since Painter’s departure.
More carrot than stick
DHS has been at the center of U.S. government action to secure supply chains from products deemed susceptible to foreign espionage. Last September, for example, the department ordered federal agencies to remove all products made by Moscow-based Kaspersky Labs from their networks. U.S. lawmakers are now looking to further crack down on products made by Chinese telecom company ZTE as the Trump administration pushes for a trade deal with China.
Asked about the possibility of future bans on foreign products considered national security threats, Manfra said the Kaspersky case was “a very unique situation” and that there were less severe ways of clamping down on the supply chain.
“I think that it’s more important to go through that risk assessment process [rather than going] piecemeal or continually singling out a company,” she told CyberScoop.
In her remarks, Manfra broached another priority for policymakers in cyber deterrence.
While the Trump administration’s release of its cyber-deterrence strategy has stalled over a debate about hacking back, Manfra said defensive measures might deter adversaries more than offensive ones. Network defenders can address a swathe of known vulnerabilities that are still ripe for attackers, she said.