By Ruth Steinhardt
National Security Agency Director Adm. Michael Rogers said Monday that one of his priorities in facing cyber attacks against the United States is to get government and private sectors to work together “funneling information” back and forth.
At a packed cyber security forum at the George Washington University’s Jack Morton Auditorium, Adm. Rogers said the federal government cannot stand alone in combating cyber attackers on the frontlines of the new defense frontier.
“Even as the director of the NSA, I don’t pretend for one minute that the NSA knows everything that’s going on, or that we are the only entity that can provide value,” Adm. Rogers said. “We need to bring together the capabilities of our nation’s intelligence infrastructure [with] the private sector to understand what is happening.”
The wide-ranging discussion was moderated by Frank Cilluffo, associate vice president and director of the Center for Cyber and Homeland Security at GW.
Given the rapidity with which the cyber infrastructure has evolved in the last few decades, Adm. Rogers said, it is unsurprising that network administrators struggle to address emerging threats.
The consequences of a successful attack on U.S. government networks or banks could be cataclysmic, and high-profile cyber attacks against major corporations like Sony and Wal-Mart have economic repercussions that go beyond the private sector.
“Our networks were not designed with redundancy, resilience and defensibility as core design characteristics,” he said. “They reflect a different time when it was largely about efficiency and costs. Not that those are bad things, but we didn’t really foresee the possibility of threats.”
But threats do exist, he said, and since existing technologies were not designed to face them, it has become increasingly important to create a large and well-trained workforce of cyber security professionals.
“At its heart, technology is a means to an end,” Adm. Rogers said. “The men and women who employ that technology are where we get our edge.”
Adm. Rogers said that deterrence was also not merely a technological matter. When North Korea attacked Sony over the release of “The Interview,” for example, the U.S. responded with new economic sanctions rather than a tit-for-tat retaliation.
“Just because someone comes at us in cyber doesn’t mean we have to respond in cyber,” he explained. “In terms of long-term deterrence, we need to think more broadly.”
This would be true, Adm. Rogers said, whether the attacker in question is a nation-state or an independent hostile organization.
“In some ways, cyber is a great equalizer,” he said.
The forum took place less than a week after the U.S. Second Circuit Court ruled that the Patriot Act did not authorize bulk collection of telephone data by the NSA. Adm. Rogers addressed the issue frankly, saying it was not the NSA’s job to determine legal parameters—only to “execute [its] framework…in a way that protects the privacy of our citizens.”
“In the end, the NSA executes a legal framework developed by Congress and tested by the courts,” he said.