Pages

29 October 2015

It’s Only a Matter of Time


Adm. Michael Rogers on how long before there’s a digital Pearl Harbor in the U.S.
Wall Street Journal, Oct. 27, Pg. R7 | Dennis K. Berman
As director of the National Security Agency, Adm. Michael Rogers is on the front lines of U.S. efforts to thwart cyberwarfare and cybercrime.
Adm. Rogers sat down with Dennis K. Berman, the financial editor of The Wall Street Journal, to talk about the cyberthreats that concern him most and efforts by tech firms such as Apple Inc. to build products that protect user data from law enforcement.
Edited excerpts follow. 
BERMAN: So how long until we have a digital Pearl Harbor here in the U.S.? 

ADM. ROGERS: It is only a matter of when before someone uses cyber as a tool to do damage to critical infrastructure within our nation. I’m watching nation states, groups within some of that infrastructure. At the moment they seem to be focused on reconnaissance, but it’s only a matter of time until someone actually does something destructive.

The second trend that concerns me, historically to date we’ve largely been focused on the extraction of data and insights, whether it be for intellectual property for commercial or criminal advantage. But what happens when suddenly our data is manipulated, and you no longer can believe what you’re physically seeing?

And the third phenomenon when I think about threats that concern me is what happens when the nonstate actor, take ISIL for example, whose vision of the world is diametrically opposed to ours, starts viewing the Web not just as a vehicle to generate revenue, to recruit, to spread the ideology, but as a weapons system. 
BERMAN: Do we need to go on offense in ways that we haven’t before? 

ADM. ROGERS: I think clearly we have got to change the current dynamic. To date, most nation states, most groups, most individuals, have come to the conclusion that there is little price to pay for the actions they’ve taken. 
BERMAN: What’s your view on end-to-end encryption? Some in law enforcement say it allows criminals and spies to keep their activities secret. 

ADM. ROGERS: Strong encryption is in our nation’s best interest. 
BERMAN: Impenetrable encryption? 

ADM. ROGERS: That isn’t what I said. Strong encryption is in our nation’s best interest. The challenge is, the technology around us is changing, and for the first time in a long time, we see an environment where criminal actors, nation states, groups, are able to harness the power of that technology in a way that defeats the ability to generate insight. The challenge is, how do we create an environment within a framework that we as citizens are comfortable with that enables the importance of these two imperatives [security encryption and the ability to generate insights as to criminal behavior and threats to our nation’s security].

I’m a big believer that if we put our minds to this, we can figure out a way to do it. 
BERMAN: You said something interesting at dinner. It’s the idea of a court-martial for someone who clicks on a phishing attack email. 

ADM. ROGERS: In the Department of Defense, we provide hundreds of thousands of people with weapons. We remind them, “We are giving you this capability for a specific purpose. You will use it only under specific situations for specific purposes. And you will ensure that that weapon is safeguarded at all times and you are accountable for it.”

We recently caught the Russians penetrating the Joint Staff network in the Pentagon. It boiled down to four individuals who clicked on a link in an email. I asked them, “What was going through your mind?” Because when I looked at the email, I said to myself, “Why would you have opened this? It makes no sense” And the answer I got was, “It was early in the morning. It was a Monday. I’m just blowing through my emails.”

If someone had said to me, “Hey, it’s lonely on post. It’s the middle of the night out in the middle of nowhere. I just pulled my gun out because I wanted to quick draw,” we would never accept that. So why are we willing to accept this kind of behavior in the cyberworld?

No comments:

Post a Comment