WASHINGTON, March 2, 2016 —
As the clash between cybersecurity and privacy concerns lingers in the headlines and the courts following tech giant Apple’s refusal of a court order involving data encryption, Defense Department leaders continue their quest to build partnerships with tech industry leaders.
Privacy and security are and will remain the “two imperatives” in safeguarding the nation’s cyber domain, the Defense Department’s cyber chief told a tech audience in San Francisco yesterday.
Navy Adm. Michael S. Rogers, commander of U.S. Cyber Command, spoke at the 25th annual RSA Conference, a gathering of technology and security professionals.
Building the Cyber Force
Cyber Command, partnering with other organizations, has three primary missions, said Rogers, who is also the director of the National Security Agency and chief of the Central Security Service:
-- Operate and defend the department’s networks, platforms and weapon systems against cyber threats;
-- Generate a dedicated workforce to apply cyber capabilities from defensive to offensive;
-- Apply cyber capabilities to help defend 16 critical U.S. private-sector infrastructure segments, from power and water to financial and aviation.
In meeting those demands, Rogers said, “We are spending a lot of time going back to the fundamentals: how do you create a network in which defensibility, redundancy and reliability are core design characteristics?”
Many existing networks and systems were built in a very different time and a place, when the threat of adversaries appeared small, he said, while now even data storage is an increasingly valuable target, given the “many who have a strong desire to steal it.”
Rogers said Cyber Command is about halfway through building a 6,200-person “dedicated, high-end cyber mission force,” slated to form 133 teams to operate across the three mission areas.
The workforce is scheduled to be at initial operating capacity by Sept. 30, 2016, and fully mission-capable two years later, Rogers said. He added, “As soon as we can bring capability online we’re employing it … we can’t wait for it to be perfect.”
Moving from Transactions to Partnerships
Rogers told his audience Cyber Command wants to build private-sector partnerships to further its cyber missions.
“I believe in what you bring to this fight,” he said. “I believe in the knowledge and the innovation that you help power.”
Cyber Command has established a small presence in Silicon Valley made up largely of reservists who work in the tech sector, Rogers said. The goal, he said, is “to bridge the differences in perspective and the lack of knowledge and insight that at times we each have about the other.”
He also seeks more interaction with academic institutions, including Stanford, Berkeley and others, he said, “Because I believe that the academic perspective, the research and the insights they develop are also important for us.”
Cyber Command regularly exercises its capabilities to prepare for future real-world operations, he noted.
“I encourage industry, I encourage all of you in your organizations – we want to partner,” the admiral said. “And if you’re interested in being involved in some of those exercises, we welcome your participation.”
Balancing Protection, Privacy with Security, Safety
Rogers outlined the NSA mission set, which combines foreign intelligence gathering on one hand with information assurance on the other. That information assurance role increasingly involves the private sector, he said.
While he said wouldn’t have predicted his role as NSA chief would require him to deal with a motion-picture company, “in the aftermath of the hack against Sony, … it’s the nature of the world we find ourselves in, and I see that only developing further.”
The NSA has specialized knowledge of adversary strategies and how to mitigate possible weaknesses, he said, and “there is no silver bullet, no single answer” to solve cyber security challenges.
The nation counts on the NSA to help ensure its safety and security, Rogers said.
“How do we ensure the protection and the privacy of our rights as citizens, which is fundamental to our very construct as a nation?” he asked. “It’s what drove the creation of this thing in the first place. … At the same time, we’ve also got to figure out how … we ensure the security and the safety of those same citizens.”
It’s not an easy challenge, either in the United States or around the world, he said.
Silicon Valley has been “the heartbeat of innovation and fundamental change,” he said, developing technologies “that have ensured the greatest transfer of knowledge and insight we have probably ever experienced in the history of man.”
Protecting privacy and security “can’t be one or the other -- we’ve got to figure out how to do both,” Rogers said. “I believe in the power of industry, of what we have seen here in the valley over the last decades, to be part of that solution.”
Defense Secretary Ash Carter also attended the RSA Conference as part of a slate of West Coast engagements this week with tech industry leaders and U.S. troops.
Organizers bill the RSA Conference as “where the world talks security.” Scheduled offerings this year include remarks by figures as diverse as U.S. Attorney General Loretta E. Lynch, Symantec president Michael A. Brown, Oxford philosophy professor Nick Bostrom and actor Sean Penn.
(Follow Karen Parrish on Twitter: @dodnewskparrish)