“There is no one silver bullet that’s going to solve this problem,“ said Adm. Michael Rogers, director of the NSA and U.S. Cyber Command, in his opening remarks at the Potomac Officers Club's 2018 Cybersecurity Summit held Tuesday.
“There is no technology that’s going to fix all this for us, so it’s about a lot of heavy lifting from a lot of different perspectives,“ Rogers cautioned. This was the central theme of his remarks, which highlighted the need for a multi-pronged approach to bolstering the nation's cybersecurity needs.
To that end, he defined three central mission objectives of USCYBERCOM. The first, defending the Department of Defense's networks, means thinking “beyond the network.“ We also have to take into account the weapons, the platform and the data, Rogers stressed.
The second mission relates to deploying the DoD's offensive cyber capabilities, as evidenced by USCYBERCOM's fight against ISIS. Though he didn't outline specifics, Rogers commented the agency is generating “some significant capabilities for this nation to try to provide policymakers and operational commanders with a wider range of options.“
The third and final mission objective, he said, encompasses the defense of critical infrastructure, which can include partnering with the Department of Homeland Security and the FBI.
As director of the NSA, Rogers oversees signals intelligence, which allows for the gathering of foreign intelligence on adversaries, as well as other states and actors, and the development of cybersecurity knowledge and insights. He noted that second part entails understanding our adversaries' targets, techniques and goals.
It is very different to defend a network you don't believe anyone has penetrated versus one where you're trying to drive an opponent out, Rogers highlighted. However, if you work in cybersecurity you need to be able to do both.
“This idea that you're going to create something nobody's ever going to penetrate. You can be guaranteed. I don't believe it,“ he told the audience.
As important as new technology is, the greatest challenge to cybersecurity lies in the norms, culture and ethos governing institutional behaviors, Rogers warned. USCYBERCOM is only eight years old, he pointed out, so it's not beholden to decades of old ways of thinking. This allows its organizational culture to be attuned to the idea that change is not only constant, it's the norm.
Whatever the mission may be, in both the public and private sector, cybersecurity must be viewed as fundamental to executing the mission, Roger advised. This means spending more time upfront during the federal acquisition process, in the building and testing phases, so that cybersecurity is a “fundamental aspect of its design.”
Rogers said it also means rethinking the development cycle, which often takes decades and is incredibly capital intensive. Any new technology must be able to rapidly evolve, he stressed, and acknowledge that the cyber environment of today is going to be different than the cyber environment of tomorrow.
Adm. Rogers will step down from his post this spring, to be succeeded by Gen. Paul Nakasone, formerly head of U.S. Army Cyber Command.
The next POC event, 2018 Navy Forum: Agility, Adaptability and Resiliency, will be held on Wednesday, June 13th. Spots are filling up, so register today!