The White House has not had a centralized cybersecurity strategy since John Bolton joined the Trump administration in March, Michael Hayden, the former head of the National Security Agency told Fifth Domain.
Hayden said that since Bolton arrived at the White House in March, he’s "just not sure what the direction is.”
“In the Bush administration and the Obama administration, I could point to something to say this is the American cyber plan and then I could argue about it. I can’t do that here yet," Hayden said.
Hayden has been a regular critic of the Trump administration. Earlier this month, he signed a letter with other former intelligence officials criticizing Trump for revoking and threatening to take away security clearances from outspoken critics.
In a one-on-one interview with Fifth Domain, Hayden argued the Trump administration “picked a very strong team originally” with former White House officials Tom Bossert and Rob Joyce. He described an executive order on cyberspace as “patient, thoughtful, measured … all good things.”
But an inflection point for the administration’s cyber strategy came with the entrance of Bolton, Hayden said. Quickly after Bolton became Trump’s national security adviser, Bossert and Joyce left the White House.
“By and large the positions have been abolished. I mean, you don’t have the dedicated structure you had before. That worries me a lot,” Hayden said.
In response to questions from Fifth Domain, the White House said it was taking a whole-of-government approach to address foreign malign influence and ensuring election security.
“Streamlining management improves efficiency, reduces bureaucracy, and increases accountability,” said Garrett Marquis, a spokesman for the National Security Council. The more new structure "continues efforts to empower National Security Council senior directors.”
Hayden said that due to the absence of a cybersecurity strategy from the White House, leaders at the National Security Agency and U.S. Cyber Command are developing America’s offensive and defensive cyber policies.
“It looks as if the intellectual development of a way forward is really centered in Fort Meade rather than the White House,” Hayden said, referring to the Maryland home of the NSA and Cyber Command. But he told Fifth Domain the two agencies “can’t do anything” until the White House approves an approach on policy.
Gen. Paul Nakasone, the current head of the NSA and Cyber Command, and his predecessor, Adm. Michael Rodgers, have talked about “pushing for creating the policy and legal structure to do things in the cyber domain above the threshold of routine espionage but below the threshold of armed conflict,” Hayden said.
Hayden’s comments come after a White House official told Fifth Domain last week that Trump “rescinded” Presidential Policy Directive 20, which previously governed America’s actions in cyberspace. Although it is not precisely clear what replaced the presidential order, it is believed the new rules of digital engagement are more aggressive.
Based on press reports, Hayden said the White House’s new order shows the U.S. is “going to increase the cost to other people if they do cyber damage to the United States … that’s not saying better cyber defenses. That’s saying cyber defenses are really hard, and therefore we need to convince people that it is a bad idea in the first place.”
But Hayden was not entirely critical of the administration’s cyber plan. He said that the Trump White House is more comfortable working with the private sector, which can boost U.S. cyber defenses. “In the cyber-realm, that also gives me reason to hope.”
In June, the Trump administration announced the creation of a national risk center to partner with and protect the private sector.
Hayden was clear about America’s strength in cyberspace. “I do think our core line of defense in defending American information networks, operating systems is the private sector."