Are we, as a nation and military, as concerned with cybersecurity as we should be? How can an organization like the NSA, tasked with defending the nation against cyberattacks, still respect the privacy rights of American citizens? Event Envoy Chris Lawson, a Pacific Council member and Executive at Creative Artists Agency, pressed for answers to these questions and more in his one-on-one interview with Admiral Michael S. Rogers, Commander of U.S. Cyber Command, Director of the NSA, and Chief of the Central Security Service.
Watch the edited interview above, or read the full transcript below to learn more about Admiral Rogers’ role in defending the nation’s interests in cyberspace.
Chris Lawson: Admiral, what do you feel is the most pressing global issue that is not receiving enough attention?
Admiral Rogers: Well, I’ll stick with my lane in the road, which really is cyber and foreign intelligence, and I’ll specifically address the cyber piece. The challenge to me, and the reason that we’re not really spending enough time as I think we need to, is the fact that the legal framework we currently have today is predicated on an analogue based world, and we’re in a digital, wireless world where our laws and authorities aren’t matched for the reality of today. This is causing many of these challenges we’re running into, even as we’re trying to defend the nation against attacks from outside – from our cyber enemies.
Lawson: It seems that you operate in an interesting paradox, where on one end your organization is expected to react strongly to any kind of cyberattack, yet people do not want the NSA involved in their private matters. What is it like running an organization so uniquely positioned when it comes to having to serve both the public and private interest, especially when they seem to contradict?
Rogers: It’s fair to say there is this tension at times. It’s less for us in the workforce because our approach is to obey the rule of law: we don’t cut corners, and when we make a mistake we’re very upfront and acknowledge that we’ve made a mistake. It’s much more on the public side where there seems to be this conflict; I don’t see it as much internally.
The nation needs the capacities and capabilities of NSA in its cyberdefense mission.
I remind the organization that if we focus on doing the right thing, the right way, for the right reason, we’re going to be fine. The nation is counting on us; that’s what we need to do. As a leader, the argument I find useful in dealing with the inter-agency relationship, and dealing with Congress, is that while we have to acknowledge that tension, we cannot allow it to paralyze us. The nation needs the capacities and capabilities of NSA in its cyberdefense mission.
Lawson: When the hack of Sony Pictures occurred, a lot of people were very critical of their response; how they handled the people whose information was breached, for instance. Do you feel that it is now going to be a requirement of corporations and companies to not only answer the “what-if” questions, but also address the effects of what will happen if something does happen, and have it be not just an “if” question but a “when” question?
Rogers: I do believe that we can’t just focus our efforts on ensuring people don’t get in the networks. Despite our best efforts, we have to acknowledge that there is a high potential that it is still going to happen, and therefore you need that, “So what are you going to do?” My military culture teaches me the time to decide what you’re going to do is not in the middle of a crisis. You need to spend time and energy on this. You need to train, exercise, and simulate this well before it ever happens.
Lawson: Now that we have a much more technologically savvy, young generation coming up, do you see that as a source of increased security, or do you see it as challenging because now there will be more people with the knowledge of how to disrupt the systems in place?
Rogers: My own sons, aged 26 and 22, don’t think much about the security angle; they think about ease of access and the ability to do what they want, when they want. Just to give you a representation of two individuals - that just happen to be my sons - in that age group. Both are very technologically savvy, have been digital natives their entire lives, and really love the connectivity and the mobility that we’re able to give them these days, but they spend little time thinking about the security aspects of it. I try to remind them that you need to think about that in your personal life as a user.
Lawson: So often we [in Hollywood] are operating off of old stereotypes of what a hacker is. You picture the 16-year old in War Games or the Girl with the Dragon Tattoo, and there’s kind of nothing in-between. What would you say is different about the modern hacker versus what the public’s vision of them might be?
Rogers: The list of actors is growing from the kind of individual we always traditionally thought of as some young person working out of his basement, dark, hunched over multiple laptops and displays – not that that’s still not a factor, but now you have large criminal entities involved in this. You have nation-states. There’s a wide range of capabilities, and there’s a wide range of actors. It isn’t just the individual sitting in their basement deciding “hey, I’m just going to show what I can do.”
Lawson: I had the good fortune of seeing you speak at the RAND Corporation, and now with the Pacific Council on International Policy. What do you see as achieved by visiting businesses and organizations throughout California?
Rogers: I’m trying to reach out, in no small part, because the Silicon Valley and other areas of California are clearly critical in terms of their development of technology. One of the things I say to our workforce is that the days that we can just sit at Fort Meade and do everything ourselves are long gone. Our ability to execute our mission is in no small part driven by the partnerships we’re able to make. Secondly, we need to acknowledge that many in the tech area have concerns about what we do. We can sit in Fort Meade and just tell ourselves that we’re pure, we’re good, and wonder why they don’t understand, or we can get out and try and engage in a dialogue, a conversation.
One of the things I say to our workforce is that the days that we can just sit at Fort Meade and do everything ourselves are long gone.
Those two things are what really bring me to California. Today it was the Pacific Council, and I’m very grateful for the opportunity.
Chris Lawson is a Pacific Council member and Executive at Creative Artists Agency.