2020 Shows the Danger of a Decapitated Cyber Regime

 3 years ago
source link: https://www.wired.com/story/2020-shows-danger-decapitated-cyber-regime/

Trump's White House has long been AWOL on cybersecurity. That lack of oversight almost seemed to be working—until the SolarWinds hack.
Illustration: Tracey J. Lee; Tasos Katopodis/Getty Images

When it comes to cybersecurity policy, the Trump administration's head and body have rarely seemed to agree. Take the past two months, for instance. In late October, the president made an absurd declaration at a campaign rally that “nobody gets hacked.” That same week, the Cybersecurity and Infrastructure Security Administration (CISA), Justice Department, and Treasury Department all took separate, landmark steps to counter Russian hacking—unsealing an indictment against six hackers in Russia's GRU military intelligence agency, imposing new sanctions on the Moscow research institute responsible for a uniquely dangerous piece of malware, and warning of an ongoing hacking campaign believed to be carried out by the FSB.

A few weeks later, Donald Trump lost the election and laid the blame on false conspiracy theories about electoral hacking and fraud. When CISA released a statement lauding the election as the "most secure in American history," contradicting the president's claims, Trump summarily fired CISA director Chris Krebs. This year was finally capped off by revelations of a disastrous hacking campaign that hijacked the software updates of IT management firm SolarWinds to breach a slew of federal agencies and tech firms. Now, even as attorney general William Barr and secretary of state Mike Pompeo have pointed to Russia as the culprit, Trump has responded by downplaying the crisis, suggesting intrusions might have been carried out by China instead.

On almost every significant cybersecurity issue of the past year, President Trump has appeared to be either AWOL or at war with his own federal agencies. But cybersecurity observers on both sides of the political divide say the results of that disconnect have been a surprisingly mixed bag: The ongoing SolarWinds debacle shows how Trump's disjointed, self-serving failures of leadership have left the federal government struggling to pull together a coherent response to one of America's most serious cybersecurity failures in years. But in other cases, Trump's inattention to and ignorance of cyber issues led him to empower and then largely ignore leaders at agencies like CISA, the NSA, and Cyber Command, allowing them to carry out aggressive new tactics that often were effective, if uncoordinated.

In that sense, the Trump administration's headless strategy has at times seemed to be an inadvertent success, argues Jacquelyn Schneider, a cybersecurity fellow at the Hoover Institution and a senior policy adviser to the DOD Task Force on the Cyber Solarium Commission. Agencies were trying a broad set of unprecedented actions to curb foreign hacking, from indictments and sanctions to attempts to reveal and sabotage adversaries' hacking tools. Their efforts have won bipartisan approval from the security community. "We got progress because the administration was so dysfunctional that it just kind of forgot about all these capabilities that they've given these agencies and let the agencies figure it out," says Schneider. "We got a lot of bottom-up experimentation, and the agencies were able to do and try things that, maybe with a lot of overhead and a lot of careful watching, they wouldn't have done."

Only after SolarWinds did the real cracks in that decentralized strategy—or lack of strategy—begin to show, Schneider argues. "They're doing the best they can operationally, and having some operational success," Schneider says of the heads of agencies like CISA, the NSA, and Cyber Command. "But they’re missing the larger strategic picture, especially when it comes to Russia."

Strong Arms, Weak Brain

This year's bold measures from the federal government to counter foreign hacking have included a statement in February from the State Department naming and shaming the Russian military unit behind a cyberattack against the nation of Georgia—a rare move given that Georgia is not a member of NATO. Throughout the year, the NSA, Cyber Command, and CISA have all published information about foreign hackers' tools with warnings about how they're being used—and, in the case of Cyber Command, accompanied by mocking cartoons—rendering them far less effective and stealthy. And Cyber Command in October took the unprecedented step of hacking into and sabotaging the TrickBot botnet, a collection of more than a million cybercriminal-controlled computers that had been used in ransomware attacks, severing the operators' connections to the majority of their enslaved machines. That hacking operation was not merely the first time Cyber Command's abilities had been used against hackers; it's also the first known case of the agency using its attack capabilities against any adversary's hacking infrastructure.

Most of those actions were the result of strong leadership at the agency level of the federal government, argues J. Michael Daniel, the president of the Cyber Threat Alliance, who served as cybersecurity coordinator during the Obama administration. He names NSA director and head of Cyber Command General Paul Nakasone, NSA cybersecurity directorate head Anne Neuberger, and CISA's Krebs as a few of the figures who pushed for aggressive responses on cybersecurity despite the relative inattention of the president. "This administration at the most senior levels really doesn't value these kinds of activities, and the fact that the agencies have continued to slog away at them is a real testament to their personal drive to stick to their missions," Daniel says.

