Governance & Risk Management

Who Is Trump's Top Security Adviser Tom Bossert?

Trump Taps Bossert as Assistant to the President for Homeland Security and Counterterrorism
Who Is Trump's Top Security Adviser Tom Bossert?
Thomas Bassert will help shape the Trump administration's cyber doctrine.

Thomas Bossert, named to be President-elect Donald Trump's top homeland security adviser, is well-versed in cybersecurity and will bring extensive public and private-sector experience to the job, say people who know him.

See Also: Cyber Risk in 2024: Combating Third-Party Risk

Trump on Tuesday tapped Bossert to be assistant to the president for homeland security and counterterrorism. Assistants to the president are the top level of senior staff within the Executive Office of the President.

According to Trump's transition team, Bossert will advise the new president on issues related to homeland security, counterterrorism and cybersecurity, and will coordinate the cabinet's process for formulating and executing policy in these matters. Bossert will work closely with Department of Homeland Security Secretary-designate Michael Flynn. He will focus on domestic and transnational security priorities; Flynn on international security challenges.

"He's an experienced and thoughtful security professional," says Stewart Baker, a Washington lawyer who as a former assistant secretary for policy, worked with Bossert at DHS. "His appointment is a good sign for how seriously the Trump administration will take homeland security. His recent experience in cybersecurity issues is also strong, so I expect him to take the threat of cyberespionage and cyberattacks seriously."

Trump's Cyber Doctrine

Bossert, in a statement, says the new administration must work toward a cyber doctrine that "reflects the wisdom of free markets, private competition and the important but limited role of government in establishing and enforcing the rule of law, honoring the rights of personal property, the benefits of free and fair trade and the fundamental principles of liberty.

"The internet is a U.S. invention; it should reflect these U.S. values as it continues to transform the future for all nations and all generations."

Jacob Olcott, a former top congressional cybersecurity staffer who's now vice president of BitSight Technologies, says Bossert is sketching an outline for the Trump cyber doctrine that leverages market-based solutions. "There's a tremendous appetite on the Hill for this type of approach to national cybersecurity policy, and I think he could achieve a lot of success in a short period of time," Olcott says.

Indeed, one of the top homeland security and cybersecurity thought leaders in Congress, House Homeland Security Committee Chairman and Congressional Cybersecurity Caucus Co-Founder Mike McCaul, R-Texas, praised Bossert's appointment in a Twitter statement.

Democratic Rep. James Langevin of Rhode Island, McCaul's co-founder of the Cybersecurity Caucus, also praised Bossert's appointment. "Cybersecurity is the signature national security issue of our time, and it is imperative that the president-elect make it a top priority when he assumes office," Langevin says. "Tom brings important experience to this role, particularly his work with the National Security Council during President George W. Bush's administration. He has been a strong advocate for public-private partnerships in cybersecurity and for an increased role for the White House in setting federal cybersecurity policy."

Bossert, in the George W. Bush administration, served as the deputy homeland security adviser, with a portfolio that included cybersecurity. Earlier, he held the post of deputy director of legislative affairs at the Federal Emergency Management Agency, part of DHS. Bossert for the past 7½ years has headed CDS Consulting, a private risk management firm. Since 2013, Bossert also has served as a senior fellow at the think tank Atlantic Council's Cyber Statecraft Initiative. Several people familiar with Bossert say these experiences should serve the new administration well.

'Zeal in Promoting Risk Management'

"He has an especially deep knowledge of how to implement policy and how to effectively maneuver in government," says Chuck Brooks, vice president for government relations at Sutherland Global Services, who as Homeland Security director of legislative affairs in the mid-2000s worked with Bossert in the early days of DHS. "Tom is known in the cybersecurity community for being very intelligent, easy to work with and for his zeal in promoting risk management."

George Forseman, the first DHS undersecretary for national protection and programs, characterizes Bossert as "thoughtful and pragmatic." Bossert, Forseman says, has a "solid perspective that is grounded in learning many lessons about what works and what does not. In other words, he is battle-tested, and sometimes a scar or two is a useful reminder for not repeating mistakes."

Although Bossert will be focused on domestic security, his work at the Atlantic Council suggests he brings to the job an international perspective to cybersecurity. The Atlantic Council promotes U.S.-European cooperation on security.

"Tom will be very strong on pushing for more aggressive deterrence measures against nation-state threat actors that misbehave in cyberspace," says Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike, who worked with Bossert at the Atlantic Council.

That view was echoed by Brooks and Herbert Lin, a senior research scholar for cyber policy and security at Stanford University who served on President Barack Obama's Commission on Enhancing National Cybersecurity.

International View on Domestically Focused Job

"His experience at the Atlantic Council will be valuable in working with our allies in the increasingly lethal global cybersecurity threat environment," Brooks says.

Lin says he believes Bossert's work at the think tank suggests he places a high value on maintaining transatlantic relations. "You may remember during the campaign, Trump downplayed the significance of NATO, even raising the question whether we would defend [some alliance members] because they hadn't paid their dues," Lin says. Bossert's appointment, the Stanford scholar says, could serve as a "countervailing influence" on the new president. But as an appointee whose job is focused on domestic rather than international security, Lin says, "his voice on that may be limited. But nonetheless, he's a person who will have access [to Trump] and speak of the importance of maintaining the transatlantic connection."

Based on Bossert's and Trump transition team comments, Bossert will be more directly involved in cybersecurity than were his two Obama administration predecessors, Lisa Monaco and John Brennan. "It is a positive step," says Global Cyber Alliance CEO Phil Reitinger, who held a senior cybersecurity policy post at DHS during the early years of the Obama administration. "It seems Mr. Bossert is intended to have a more direct cybersecurity role." Reitinger met Bossert when he served as a senior security strategist at Microsoft and Bossert was advising Bush.

Still, Reitinger and others expect Trump to name a senior aide who would be exclusively focused on cybersecurity. Obama's aide, Cybersecurity Coordinator Michael Daniel, is a special assistant to the president, two rungs below what will be Bossert's rank. The Trump transition team has not made any comments on whether there would be a cybersecurity adviser in the White House or what level of authority that position would have.

Cybersecurity as a Top Administration Priority

Nonetheless, Brooks sees Bossert's appointment as a statement that Trump considers cybersecurity preparedness a top priority for his administration. "Tom is a logical person to help coordinate President Trump's call for an immediate review of all U.S. cyber defenses and vulnerabilities, including critical infrastructure, by a cyber review team individuals from the military, law enforcement and the private sector," Brooks says.

Adds Forseman: "Tom is the type of guy that can work across ideological spectrums to achieve maximum advantage."

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.