“Cyber blur” is an enormous challenge to those seeking to defend the nation’s networks, Navy Adm. Michael S. Rogers, the National Security Agency’s director, said recently.
At the Reagan National Defense Forum in Simi Valley, California, Rogers, who’s also commander of U.S. Cyber Command and chief of the Central Security Service, explained that network defense isn’t an either-or proposition that can be neatly divided into public sector, private sector and national security responsibilities.
“This is the ultimate team sport,” he said. “There is no single sector, there is no single element of this population, and there is no single element within the government that has the total answer. It will take all of us working together to make this work.”
The nation’s adversaries don’t hesitate to blend public and private capabilities in the cyber realm, either, he said.
“The biggest thing that concerns me ... in the immediate near term is we’re taking capabilities, whether it be nation-states, groups or individuals, and I’m watching some of these blur and create partnerships that make attribution more difficult. They clearly are intended to try to stymie attribution as well as policy decisions on our part,” Rogers said. “...This is going to require us to think a little differently.”
National Cyber Strategy
Lack of a cyber strategy that includes not just national defense, but public and private sector networks, has created a situation where attackers run little risk by engaging in attempts to penetrate inner systems and steal information, the admiral said.
“My concern there is, if we’re not careful and this trend continues, this will encourage nation-states, groups or individuals potentially to start to engage in ever more escalatory and riskier behavior, and that’s not a good thing for us as a nation,” he said.
Right now, there’s a broad consensus on what elements need to be addressed by a national cyber strategy, Rogers said, but the challenge has been in coming to an agreement on specifics.
“From a Department of Defense perspective, I’m very comfortable with the vision we have in terms of how do we create capability, what skill set should it have, how should it be employed operationally, how should it be integrated -- cyber’s got to be integrated with a much broader effort,” he explained. “I’m not a big fan of looking at cyber kind of in isolation.”
Bridging the Corporate Divide
Rogers said he’s visited Silicon Valley twice in his seven months in office in an effort to bring together the public- and private-sector sides of the nation’s cyber workforce and find some agreement between the needs of corporate cyber and national defense.
“We have got to understand each other, and I’m watching two cultures that are largely just talking past one another,” the admiral said. “Not because one is good and one is bad but because they’re two different cultures with really different views of the world around them [and] lack of familiarity with the other side.
“If we are each going to vilify each other, we will get nowhere,” Rogers continued. “It cannot be that one of us is good and one of us is bad. We each have a valid concern, and what’s the way that we can work together to make this work.”
By Claudette Roulo; DoD News, Defense Media Activity