Roger Anderson has been involved in intelligence-related activities his entire career. In the 1980s, he worked on Department of Defense TIARA programs while at the Georgia Tech Research Institute. He then joined the CIA and spent 15 years there, working on all of the NFIP programs with the primary focus on SIGINT and technical collection missions. As a SIGINT-focused officer, Anderson worked with the NSA and completed three tours there. He took early retirement in 2002 and has since been a contractor. His contractor roles have included executive vice president for Mnemonics, Inc., and senior executive account manager for Harris Corporation’s largest IC account. A former coworker at Harris who had previously joined AST asked if Anderson would be interested in building a new AST business unit focused on cyber. “The opportunity appeared interesting, so I joined them,” Anderson said.
TheNewNewInternet: As vice president of network intelligence, what do your current responsibilities include?
Roger Anderson: I am responsible for the company’s portfolio of activities related to CNA/CNE/CND missions, independent of the procuring customer.
TNNI: What are some of the core competencies AST brings to the table in this space?
Anderson: For AST’s 26-year history, it has largely been known as a leader in SIGINT Survey & Selection Equipment (S&SE). As such, we have a deep understanding of all the significant communications technologies and protocols employed worldwide. Whereas AST’s legacy focus has been on hardware-based devices that exploited the lowest three layers of the ISO protocol stack, my division is going to focus more on software that exploits layers three through seven – building systems that help customers better understand in real-time what is occurring in their networks, whether that be detecting malicious activities, identifying critical vulnerabilities, or providing improved network management tools.
TNNI: What are some key products/services AST provides that can help address federal cybersecurity challenges?
Anderson: Most of our current technology has been developed to address IC missions; however, the same technology is directly applicable to DoD, DHS and DISA needs. We are currently adapting a suite of tools for the federal market that is based upon products we have deployed for IC missions. These tools will range from deep packet inspection, metadata processing, malware detection, network management and visualization to an integrated suite of CNA tools for the emerging DoD offensive missions. In addition, I have an engineering services business unit that works hand-in-hand with our IC and DoD customers to architect, design, develop, integrate and operate mission solutions from within customer facilities. These engineers have an excellent understanding of the key mission needs due to their proximity and exposure to daily mission activities. We are using their ideas to focus our IRAD investments and to prioritize our future products rollout.
TNNI: How do you think the cyber threat will change over the next coming years?
Anderson: Everything will be connected. As mesh networking, cloud computing and ubiquitous sensors become reality over the next decade, they will present both opportunities and challenges. Challenges on the defensive front and increased opportunities for exploitation on the offensive front. The hardest part of the cyber threat has, and will be, the fact that it is continuously evolving.
TNNI: What are some emerging technologies or processes that can be leveraged to improve cybersecurity in the federal government?
Anderson: Effective identity management, better authentication of communications and a better architected set of security appliances are critical. Today’s security appliances, which do a reasonable job (if configured properly) of defending against hackers and script kiddies, probably aren’t much defense against a nation-state with the resources, intent and political will to get into any network.
TNNI: From a business perspective, where would you like to be in the federal cybersecurity market a year from now?
Anderson: Our initial focus has been on the IC because we understand it the best. We have made successful entries into multiple special DoD cyber activities, and we’ll continue growing those. We’re very interested in DHS and are watching closely to see how its plans play out.
TNNI: How do you see the future of intelligence collection? Will it focus on HUMINT or SIGINT?
Anderson: Both will continue to be critical. HUMINT can be a key enabler to SIGINT missions and, if the corresponding lead agencies can work past their institutionalized parochialism, they can do great things together.
TNNI: What do you think the definition of cyber warfare should be?
Anderson: To deny, disrupt, or degrade the operation of an adversary’s computers, communications, or critical infrastructure.