«NATIONAL PRESS CLUB LUNCHEON WITH NSA CHIEF ADMIRAL MICHAEL S. ROGERS SUBJECT: CYBER SECURITY CHALLENGES FOR THE UNITED STATES MODERATOR: THOMAS ...»
NATIONAL PRESS CLUB LUNCHEON WITH NSA CHIEF ADMIRAL MICHAEL S. ROGERS
SUBJECT: CYBER SECURITY CHALLENGES FOR THE UNITED STATES
MODERATOR: THOMAS BURR, PRESIDENT OF THE NATIONAL PRESS CLUB
LOCATION: THE BALLROOM, WASHINGTON, D.C.
TIME: 12:30 P.M.
DATE: THURSDAY, JULY 14, 2016
(C) COPYRIGHT 2008, NATIONAL PRESS CLUB, 529 14TH STREET, WASHINGTON, DC USA. ALL RIGHTS RESERVED. ANY REPRODUCTION, REDISTRIBUTION OR
RETRANSMISSION IS EXPRESSLY PROHIBITED.
UNAUTHORIZED REPRODUCTION, REDISTRIBUTION OR RETRANSMISSION
CONSTITUTES A MISAPPROPRIATION UNDER APPLICABLE UNFAIR COMPETITION LAW,
AND THE NATIONAL PRESS CLUB RESERVES THE RIGHT TO PURSUE ALL REMEDIES
AVAILABLE TO IT IN RESPECT TO SUCH MISAPPROPRIATION.
FOR INFORMATION ON BECOMING A MEMBER OF THE NATIONAL PRESS CLUB, PLEASECALL 202-662-7505.
THOMAS BURR: (Sounds gavel.) Welcome to the National Press Club. My name is Thomas Burr; I'm the Washington correspondent for the Salt Lake Tribune and the 109th President of the National Press Club. Our guest today is Admiral Michael S.
Rogers, the Commander of the US Cyber Command, the Director of the National Security Agency, and the Chief of the Central Security Service.
I would like to welcome our Public Radio and C-SPAN audiences. And I would like to remind you that you can follow the action live on Twitter using the hashtag NPClive. That's NPClive. Now it’s time to introduce our head table guests. I'd ask each of you to stand briefly as your name is announced. Please hold your applause until I have finished introducing the entire table.
From your right, Jen Judson, land warfare reporter at Defense News, and the cochair of the Press Club’s Young Members Committee; Tony Capaccio, Pentagon correspondent at Bloomberg News; Max Lederer, publisher of Stars and Stripes;
Elizabeth Bumiller, the Washington bureau chief of The New York Times; the Honorable John Warner, former Secretary of the Navy and former United States Senator from the Commonwealth of Virginia; Kasia Klimasinska, Bloomberg News breaking news reporter, and chair of the Press Club Speakers Committee.
Skipping over our speaker for just a moment, Kevin Wensing, a retired U. S.
Navy captain and the Press Club Speakers Committee member who organized today’s event; thank you, Kevin. Erik Meltzer, senior news production specialist at the Associated Press; Jerry Zremski, Washington bureau chief of The Buffalo News and a past president of the Press Club; John Donnelly, senior defense writer at Congressional Quarterly and the chairman of the Press Club’s Press Freedom Committee; and Viola Gienger, senior editorial and writer at the United States Institute of Peace. Thank you.
(Applause) Our guest today, Admiral Michael Rogers, is wearing many hats. As the head of U. S. Cyber Command, he is tasked with defending the Defense Department’s networks and protecting critical U. S. infrastructure. As the Director of the National Security Agency, he gathers foreign intelligence to monitor what nations, states, groups and individuals are doing in the cyber arena and that could pose a threat to the United States.
He accepted those responsibilities in April 2014, during the times when the public was still outraged about the scope of the NSA’s phone and internet surveillance exposed by massive leaks from a former NSA contractor, Edward Snowden. While he was in office, hackers successfully intercepted networks of Sony Pictures and U. S. government personnel agency. Attacks on Sony initially caused the company to cancel the release of a comedy movie and crippled thousands of computers. The Obama Administration responded by tightening sanctions on North Korea blamed for the attacked.
Admiral Rogers warned that the country should brace itself for more intrusion of that kind. He points to Russia and China as the biggest hacking threats saying that hackers from North Korea and Iran also represent challenges. Still, during his Senate confirmation hearing, Admiral Rogers admitted that one of his most demanding tasks is to get Americans comfortable with NSA's actions, such as collecting phone record data including the numbers used. NSA espionage practices have been criticized by civil liberties groups, technology companies and U. S. allies. Rogers faces the challenge of having to explain his work through the general audience and for foreign partners while keeping most of the details and findings secret from our enemies.
He has a unique opportunity to talk both about the NSA and the U. S. Cyber Command at the National Press Club luncheon today. Please help me give a warm welcome to Admiral Rogers, National Press Club. (Applause) ADMIRAL ROGERS: Boy, I got to tell you what I thought I heard there was please let me help me give it to Admiral Rogers. (Laughter) I just thought, well, this is going to be an interesting conversation.
So first and foremost, thank you all very much for being here and to the National Press Club, thank you for the opportunity. I'll share a few thoughts with you and then I'm interested in a dialogue, take your questions on any topic. To those who joined us electronically, thank you very much as well for taking time for a conversation that I hope generates value for you and also helps me to learn because I'm always interested in how do you generate more insights, how do you generate outcomes. Ultimately, my view is that's what ultimately job is.
If I could, I'm going to add two things to what you heard in the introduction about the responsibilities of Cyber Command and NSA. But oh, before I forget, before I say that, my compliments to the Club. I have never been at a function and had cookies with the label of the organization. I got to tell you, that's amazing to me. My day is made.
When I go back to Fort Meade after this and tell them, “Look at the cookies this place had.” (Laughter) So what I want to say is in addition to what you heard on the U. S. Cyber Command side, operate and defend the Department of Defense’s networks, defend if directed by the President or the Secretary of Defense critical elements of U. S.
infrastructure against significant events of cyber sequence, of significant cyber consequence. The third mission that you didn't hear outlined was also generate the capacity and employ it across the range of the defense and the offense to support broader military operations around the world. And we have publicly acknowledged that we are doing offensive actions right now against ISIL in cyber and the fight in Syria and Iraq.
And I'll be very up front with you and tell you I'm just not going to go into any more details. I like to be very honest with people. I'm often asked in forums like this, “Well, can't you give us more details?” And I'm going, “No, I'm just-- we're in a fight against an adaptive learning adversary and I have no desire to give that adversary greater insight.” So apologize to you in advance. I'm just not going to go down that road with you.
The other item I would highlight with the National Security Agency, we highlighted in the introduction our foreign intelligence mission, the use of signals intelligence in the foreign environment to gain insights into what nation states, groups and actors are doing that are of significant concern to our nation, friends and allies. And that is much broader than just cyber.
The second mission for NSA, and one that is growing in increasing importance, is information assurance. We had always been responsible for developing the cryptographic standards and the security standards for classified systems within the Department of Defense, but over the course of the last decade or so, increasingly NSA in its information assurance mission, is being called upon to provide defensive insight as to how you stop penetrations. And once a network is penetrated, how do you drive the opponent out and then how do you configure the structure so they can't get back in?
That has been a huge growth for NSA over the last few years. In some ways, I often somewhat internally joke with the team, we find ourselves becoming the FEMA of the cyber world for others, because increasingly we're just being called upon, “Hey, you have technical capability, you have capacity, you have expertise. How can you apply this as we're helping to defend both systems in the government but as I previously talked about, we were called upon to assist in the Sony response, for example. If you had told me as a military leader, as the Director of the NSA, that I was going to be involved in supporting a motion picture company and responding to how it was going to deal with a significant penetration, I'll be honest and tell you, “Boy, I don't think that's going to come up during my time.” As the Director, I failed to anticipate that one miserably. OPM, we were part of a broader team that provided expertise within the government and response to the aftermath of that.
What I thought I'd do, then, is just highlight kind of where I think we are in both of those mission sets, if you will, and then I'll be glad to take any questions on any topics from you. So United States Cyber Command, the senior of the two jobs. It's actually where the fourth star comes from, not the NSA job, the Commander of Cyber Command job, is considered within the military structure the senior of the two responsibilities.
As the Commander of U. S. Cyber Command, I find myself as a very traditional operational commander within the department, much like CENTCOM, PACOM. I'm at a slightly different level, but we all realize what the impact of cyber is, and will be, across our department. And so we are working hard as an organization, as many other organizations are, as many other elements within the government are, to insure that as a department, we have the capacity and capability to continue to operate within the face of adversaries who are determined to use vulnerabilities inherent within the cyber framework, networks, weapons platforms, and to exploit those vulnerabilities, to attempt to negate our ability to execute our mission as a broader department.
That is priority number one for U. S. Cyber Command, is to insure that our networks and our data and our key platforms and capabilities are fully capable of operating in the face of an adversary or adversaries who want to take away those capabilities. So that's mission number one for us.
To do that, as well as the other two missions you heard me outline, we are generating within the Department of Defense a dedicated what we call the cyber mission force. It's a force of dedicated, focused, trained and organized cyber professionals designed to provide the department a high end of capacity and capability. There are 6,200 people within that force. We're about halfway through the build. I have to add, those 6,200 individuals are divided into 133 teams. The teams are specialized. Some are defensive, some are offensive. And that capability, I have to deliver at what we call a fully operational capability by 30 September, 2018. So just over two years. We're going to reach the goal, is to reach IOC, or initial operating capability, for that entire force by 30 September of 2016, so that's only three months away so I'm focused right now on making sure that the initial operating capability that we meet that timeline and the team is fully started and ready to go.
It’s an example in some ways of how cyber is different than some areas because demand at the moment exceeds capacity. This is the one mission set that I've been involved in as a military professional for 35 years. We're not even waiting until a team is fully constructed. As soon as we get a cadre, we are putting teams on targets. Think about what that means. You will not find in DOD, we don't take a fighter squadron and say, “Well, you've got 5 of your 24 aircraft, we're sending you to Afghanistan.” We don't say, “Hey, we got a brand new carrier coming out of the yards. You've done your builders acceptance trials, but you haven't done your workups, but we're forward deploying you to the Persian Gulf.” The reality is, because of the dynamics of cyber, we need to apply capacity as son as we're generating it. And so we find ourselves in a situation, a little unusual in the military arena, as soon as we get a basic framework, we're deploying the teams and putting them against challenges. It's an interesting leadership challenge, about how you do that at the same time you're still trying to build that team. But in the end, I think it's the only option we have. We just can't wait, for example, until 30 September 2018 and say, “Well, now that everything is 100 percent fully trained, perfectly aligned, now hold us accountable for exercising the mission.” It isn't going to work that way. There's just too many demands, there's too many requirements. But it is very different for us in the culture of the department.
I'm comfortable that we're going to meet those milestones. It's a lot of work. My compliments to the services. They're very committed to this, the department is very committed to this. You know, cyber is just one significant challenge within a breadth of challenges that the department is trying to deal with. I'm very grateful and very fortunate that the department leadership has acknowledged the challenges associated with cyber and in a declining resource environment is willing to invest in those challenges. Even as I acknowledge, it never goes as fast as you want, and it’s never-- you're never where you want to be.
I'd never had a job before where I literally every day am thinking, how do I make sure we're staying ahead of the adversary? I just always feel like we are in a race to make sure we are generating capacity and capability and that we are doing it faster than those who would attempt to do harm to us.
And when you do this, as you watch what opponents are doing, as I watch behaviors out on the net, you just-- it’s almost visceral. I just feel like every day we're in a race to generate capacity and capability before the adversary. That's invigorating, don't get me wrong, it's very invigorating, but it isn't without its challenges. Because every day in the cyber arena, you find yourself in contact against a wide range of adversaries.