The Department of Homeland Security will continue its recent practice of partnering with the United Kingdom to name countries that hack targets in both countries — despite current confusion about broader White House cybersecurity policy.
“I believe we should continue to do it,” Jeanette Manfra, the top DHS official devoted entirely to cybersecurity, told BuzzFeed News. “We’ve gotten a lot of feedback from the private sector and others saying we need to know who’s doing it because it helps to put things in context.”
A recent shakeup of President Trump’s National Security Council removed the Trump administration officials most responsible for cybersecurity strategy: Tom Bossert, who was fired on the first day John Bolton reported for work as Trump's newest national security adviser, and Rob Joyce, who resigned a week later as White House cybersecurity coordinator, reportedly in large part because Bolton didn’t prioritize a cybersecurity strategy.
Joyce’s replacement has yet to be named, and uncertainty about his successor has worried some in the private sector. A spokesperson for the National Security Council didn't reply to a request for comment.
DHS, however, whose cybersecurity focus is largely on large-scale defense, said it plans to continue the practice of naming countries responsible for attacks and doing so jointly with the UK.
“I don’t know if there’ll be a tremendous change, but of course every national security adviser and leadership has to have some time to get settled,” Manfra said.
In recent months, the White House had taken a tougher stance by partnering with its allies to call out hackers by name, particularly those from Russia. In February, the US and UK jointly blamed the notorious NotPetya ransomware, a malicious worm that quickly spread across computers around the world and caused hundreds of billions of dollars in damages, on Russian attempts to harass Ukraine. Australia, Canada, and New Zealand — the three other members of the Five Eyes alliance, which comprises the US’s primary intelligence partners — issued similar statements in the following hours.
A few weeks later, on March 15, DHS identified Russia as the culprit behind a previously described months-long campaign to target the US energy industry infrastructure. Concurrently, the Treasury Department announced sanctions on Russia, citing a variety of activities, including both the campaign against the US power grid and NotPetya.
Citing who’s behind a hacking operation, she said, helps create clarity in a murky world without internationally agreed-upon rules.
“Frankly, when we know it’s a nation-state, that means different things for how to defend themselves against it," Manfra said of IT workers. "They’ll raise the priority of how they’ll think about it.”
She added, “We’re also trying to establish some norms here about being a responsible in cyberspace, and responsible actors do not do these things.”
Ciaran Martin, Manfra’s counterpart in the UK, told BuzzFeed News that his country intends to continue to work with the US on jointly revealing which nation's are responsible for malicious cyber attacks, even if the process of declassifying information and jointly creating announcements can be cumbersome.
“I don’t really care that the organizational structures don’t really match. We find ways of making it work,” he said.
Manfra and Martin said they're mostly concerned with the countries widely seen as their largest adversaries in cyberspace: China Iran, North Korea, and Russia.
“I don’t want to get in an escalatory situation by any means, but I also feel that if i know somebody’s doing something, that the public and the companies have a right to know,” Manfra said.