Whether it was a quirk in the schedule or planned, the timing of a keynote by the head of the National Security Agency and U.S. Cyber Command at the RSA Conference here was ironic.
Admiral Michael S. Rogers’ speech followed the annual encryption panel where the hot topic was whether Apple should accede to the U.S. government’s demand to help it crack the iPhone of one of the accused San Bernardino terrorists.
“That was an interesting panel to follow,” Rogers quipped, his only remark on the controversy.
An admitted “space geek” Rogers then noted the expected return later in the day of astronaut Scott Kelly after a record-setting 340 days in space.
But what does space travel have to do with cybersecurity? Rogers made the case that battling cyber threats will take the same kind of massive effort across industries, fields of expertise and international government cooperation. (Kelly’s mission involved the Russian Soyuz space capsule.)
The U.S. Cyber Command has an ambitious agenda with a workforce of 6,200 “high end individuals” focused on security. As much as technology will play an important role, Rogers several times emphasized the importance of the “human dimension” in fighting cyber terrorism.
“How do you change the culture and make people understand the challenges that lie ahead and what it means? It’s very much like what I remember, working in the nuclear culture that we brought to ships. The accountability and risk of nuclear, the special processes we put in place to mitigate risk—we need to do that for cyber and we are,” said Rogers.
Another theme of Rogers’ talk was partnerships. He mentioned the Cyber Command’s presence in Silicon Valley designed to bridge the differences the agency has with the tech industry. “This has been going on for about six months and it’s not about transactions it’s about partnerships and how to bring value to both parties,” he said. Cyber Command is also working with universities such as Stanford, U.C. Berkeley and Carnegie Mellon because “the academic perspective, research and insights are important.”
Rogers said his job has changed as it’s become increasingly important that government works with private industry to battle cyber threats—and the threat from nation states in particular. “I could never have anticipated being involved with Sony after it was hacked (by North Korea), but that’s where we find ourselves. The job for us is where we can provide value and that’s defined by others, not us.”
What Keeps the NSA Chief up at Night?
With intimate knowledge of the U.S.’s considerable cyber-defense capability, Rogers said there are still plenty of things that keep him up at night.
He predicts that we will see a nation/state, or a proxy acting on its behalf, attack critical infrastructure. Just seven weeks ago, there was just such an attack on the power grid in Ukraine.
“It was a very well-crafted attack on Ukraine’s power grid that knocked their system down,” said Rogers. But what also bothered Rogers was that the attackers apparently anticipated how the power grid’s provider was likely to respond and attacked in a way that would slow that down. That level of sophistication “worries me,” he said.
He also worries about next generation data theft. While computers are typically breached to steal data, Rogers is concerned that the software that controls data can also be compromised and manipulated so that we can’t trust it. “What if you’re a business and the financial transactions you’re seeing online don’t match what you think is reality?” he asked rhetorically.
But ending on an upbeat note, Rogers returned to astronaut Kelly and the incredible pooling of resources required to make his mission a success. “It took an international sustained effort to keep him up there for 340 days, but they did it. We can do the same with a sustained effort.”