After Detailing Russian Hack, White House Cyber 'Czar' Announces Departure : The Two-Way Rob Joyce said he was stepping down hours after a joint U.S., U.K. and Australia statement blaming the Kremlin for a cyberattack last year.
NPR logo After Detailing Russian Hack, White House Cyber 'Czar' Announces Departure

After Detailing Russian Hack, White House Cyber 'Czar' Announces Departure

The National Security Administration campus in Fort Meade, Md., where the U.S. Cyber Command is located. Acting Homeland Security Adviser Rob Joyce said Monday he would leave the White House to return to the NSA. Patrick Semansky/AP hide caption

toggle caption
Patrick Semansky/AP

The National Security Administration campus in Fort Meade, Md., where the U.S. Cyber Command is located. Acting Homeland Security Adviser Rob Joyce said Monday he would leave the White House to return to the NSA.

Patrick Semansky/AP

Updated at 6:55 a.m. ET

The Trump administration's cybersecurity coordinator, Rob Joyce, said Monday that he will leave his post — an announcement that comes just a week after the exit of his boss, Homeland Security Adviser Tom Bossert.

The announcement of the departure of Joyce — who is acting homeland security adviser after Bossert's departure — followed by hours a joint U.S., U.K. and Australia statement condemning Russia for a cyberattack last year that apparently targeted government and corporate networks for the purposes of economic and political espionage.

Joyce said he was leaving to return to the National Security Agency.

"Serving as the White House's cybersecurity coordinator for the last 14-months has been a tremendous opportunity to work on some of our nation's most important cyber challenges," Joyce said in a statement, according to The Washington Post. "I look forward to continuing to serve our nation at the agency I've called home for the last 27 years."

While Bossert's departure has been attributed to new National Security Adviser John Bolton, a White House official quoted by Reuters characterized Joyce's move as voluntary, saying he was "three months past his detail of a year."

The Post reports, "Joyce, a career federal employee, will stay on as needed to facilitate the transition to his eventual replacement, White House officials said. He is currently also serving as the acting deputy homeland security adviser, which includes coordinating responses to natural disasters and monitoring terrorism threats."

According to Wired, the loss of Bossert and Joyce in quick succession "will slow the ability of the US to think about big-picture cybersecurity concerns. And replacing them may not be easy."

Wired writes that "Bossert's purview extended beyond cybersecurity specifically, but America's security from digital threats has nonetheless been an area of particular focus for him since he served as deputy homeland security advisor in George W. Bush's second term." It says "Joyce, meanwhile, brought serious hacker bona fides to the White House earned after years of running the NSA's elite hacking team known as Tailored Access Operations."

In October, the White House declined to allow Joyce to testify before the Senate Armed Services Committee citing executive privilege and past precedent, briefly parking talk of a subpoena that never materialized.

Earlier Monday, the U.S. and Britain publicly blamed Russia for a global cyberattack last year that quietly hit government and corporate networks. Later, Australia joined in the statement.

The August 2017 attack reportedly involved planting malware on Cisco routers used by government agencies and companies to steal secrets and possibly "lay the foundation for future offensive cyberattacks," according to Reuters.

A joint statement by the U.S. Department of Homeland Security, the FBI and the U.K.'s National Cyber Security Centre, said the Russian attack targeted "government and private-sector organizations and infrastructure, and internet providers supports these sectors."

"Victims were identified through a coordinated series of actions between U.S. and international partners," according to an alert issued at the same time by the U.S. Computer Emergency Response Team (US-CERT).

"When we see malicious cyberactivity, whether Kremlin or other nation state actors, we are going to push back," Joyce said in a call with journalists hours before he announced his departure.

The joint statement said the Russian hack was specifically directed at "network infrastructure devices worldwide such as routers, switches, firewalls, network intrusion detection system."

"Russian state-sponsored actors are using compromised routers to conduct spoofing 'man-in-the-middle' attacks to support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations," the statement said.

Reuters reports that "The Kremlin on Tuesday said it did not understand the basis for British and U.S. allegations ..."