President-elect Donald Trump has named Thomas Bossert, a former deputy national security adviser to President George W. Bush, as a homeland security adviser. Currently the CEO of CDS Consulting and a fellow at the Atlantic Council’s Cyber Statecraft Initiative, Bossert is a veteran policymaker for cybersecurity and counterterrorism initiatives.
In a statement, Bossert emphasized that “[the U.S.] must work toward [a] cyber doctrine that reflects the wisdom of free markets, private competition and the important but limited role of government in establishing and enforcing the rule of law, honoring the rights of personal property, the benefits of free and fair trade, and the fundamental principles of liberty.”
Bossert’s position as assistant to the president for homeland security and counterterrorism will be “elevated” and given an “independent status” from the president’s larger security advisory group, according to Trump’s White House transition team. In the past, the aide has acted as a liaison between the White House and foreign leaders in the transnational war against terrorism.
While working in the Bush administration, Bossert also served as the White House’s director of infrastructure protection policy — a leadership position that helps organizes, across multiple federal agencies, the security of U.S. critical infrastructure, including major transit and communication systems.
“Tom brings enormous depth and breadth of knowledge and experience to protecting the homeland to our senior White House team,” Trump said in a statement. “He has a handle on the complexity of homeland security, counterterrorism, and cybersecurity challenges. He will be an invaluable asset to our Administration.”
Bossert will focus on domestic and transnational security issues while retired Lt. Gen. Michael Flynn, Trump’s pick for national security adviser, focuses on international security challenges.
The appointment comes at time when the Obama administration is reportedly struggling to cement a response strategy to counter Russia’s aggression in cyberspace, which spans hacks into multiple U.S. political organizations and businesses.
“Cyber is an interesting issue when you couple it with, and I would argue you almost always couple it with, some other ongoing nation-state tension,” Bossert said during a 2013 panel discussion at the D.C.-based Atlantic Council. “We are now trying to put into context these cyberattacks against our greater strategic objectives … I think it would be a mistake to consider denial of service attacks, which the financial sector admits is a mass disruption as opposed to a mass destruction, as something that would tip us into war. I think it’s important, at this point, to have a steady hand on the tail and not necessarily rush into some counterattack but the pressure will be mounting.”
On Tuesday, Bossert’s hiring received praised from Dmitri Alperovitch, CTO and co-founder of cybersecurity firm CrowdStrike — a company perhaps best known for originally attributing the DNC data breach to Russian intelligence forces. Bossert spoke about attribution in 2013.
“Attribution tends to be a focus of concern for people because they want to hold someone accountable, but there is another reason for attribution. If it is a nation state, the federal government has a different responsibility. It is fundamental. It is constitutional to the protection of the country,” Bossert said during the panel discussion. “If it is a private actor, we have a slightly different responsibility. We tend to treat these things as law enforcement matters and so forth … cyber is a distributed problem.”
Bossert’s apparent hesitation to rely on offensive cybersecurity methods as a primary deterrence strategy runs inline with opinions held by current, unnamed senior White House officials cited by The Washington Post and The New York Times.
“There are a number of things we can do defensively, but offensively the government is in the prickliest of situations. And defensively we are perhaps in the least powerful position, with private industry taking the lead,” Bossert previously said.