But the decision to name the North also stands in stark contrast to how Mr. Trump has dealt with evidence that Russian hackers, under orders from President Vladimir V. Putin, organized the attack on the Democratic National Committee and the information warfare campaign that was meant to influence the 2016 election. Mr. Trump has often dismissed the intelligence finding that Russia was behind the hacking, declaring last month, “Putin said he did not do what they said he did.”
It is the same intelligence agencies — and some of the government’s same experts — that built the case against North Korea, according to members of the intelligence community who spoke on the condition of anonymity to discuss the investigation.
But the third, and perhaps most delicate, element of the WannaCry attack revolves around a fact that Mr. Bossert did not address in his op-ed: The North exploited vulnerabilities in software developed by the division of the National Security Agency that builds the United States’ cyberweapons. The code pulled off networks and computers compromised by WannaCry appears to have its roots in what the agency formerly called theTailored Access Operationsdivision, which devised online breaches.
Once it was clear the code had been stolen, the National Security Agency rushed to contain the damage, asking Microsoft to build a “patch” in its operating systems to prevent the attacks. But the agency has never talked about the group that stole the computer code, called the Shadow Brokers, which many officials believe is operating on behalf of the Russian government. But Mr. Bossert and his deputy, Rob Joyce, who formerly ran the Tailored Access Operations, have argued that it is the perpetrator of the attacks, not the United States government, that must take all of the responsibility for the damage it has wreaked.
“The consequences and repercussions of WannaCry were beyond economic,” Mr. Bossert wrote. “The malicious software hit computers in the U.K.’s health care sector particularly hard, compromising systems that perform critical work. These disruptions put lives at risk.”
The assertion by the White House came only hours after Mr. Trump published his new national security strategy, which calls for pushing back on states that sponsor cyberactivity. And even some alumni of the Obama administration now agree that they often underreacted to a range of digital threats, including Iran’s 2012 attacks on American banks, the hacking at Sony and the effort by Russia to intervene in the election. Until now, North Korea’s cyberstrikes have prompted almost no punishment.
Mr. Bossert seems determined to change that, and he wrote about elements of a new digital strategy that suggests that the Trump administration will be more aggressive in alerting manufacturers to flaws found in their software. But he has been vague about what kind of actions might be taken against those who initiate cyberattacks.
Robert Hannigan, the former director of Britain’s Government Communications Headquarters, said last month that in the realm of digital breaches, North Korea had benefited from being underestimated.
“Because they are such a mix of the weird and absurd and medieval and highly sophisticated, people didn’t take it seriously,” he said. “How can such an isolated, backward country have this capability? Well, how can such an isolated backward country have this nuclear ability?”
Get politics and Washington news updates via Facebook, Twitter and the Morning Briefing newsletter.
A version of this article appears in print on December 19, 2017, on Page A18 of the New York edition with the headline: U.S. Accuses North Korea of Cyberattack on British Health System.
Continue reading the main story