in Share Stories & News

Ex-NSA boss: Good news. Election security focus helped dissuade increase in Russian meddling with US

351 Views

Ex-NSA boss: Good news. Election security focus helped dissuade increase in Russian meddling with US

Interview Russia appears to be having second thoughts on how aggressively, or at least how visibly, it attempts to influence American elections, according to a former head of the NSA.

I wonder if the Russians have said to themselves, ‘Look, we think there’s a return to be made, but perhaps being overly aggressive … overly visible isn’t in our best interest’

Mike Rogers is a retired US Navy admiral who was head of the surveillance agency and US Cyber Command between 2014 and 2018; his Navy career spanned decades. Since leaving the service, he has held roles in the commercial security space, and is now operating partner at Israeli security investment group Team8.

He spoke to The Register this month about American politics and adversaries including Russia; the effect of AI on the threat landscape; and the balancing act between government and commercial security.

The Register: In 2018 you testified in front of Congress that we could face a repeat of election interference by foreign powers because recommendations were not followed? How did things look to you in the 2024 election?

Rogers: First of all, the good news is that it doesn’t appear that the Russians, or other nations, have accelerated or significantly increased in either level of effort or the breadth of capabilities being applied on election influence. That doesn’t mean they’re not making an effort, but if you looked at 2016 and you argued it was an indicator of the future, yeah, it hasn’t quite worked out that way.

I suspect there’s a variety of reasons, mainly that governments have been much more focused on election security. I wonder if the Russians have said to themselves, “Look, we think there’s a return to be made, but perhaps being overly aggressive isn’t in our best interest. Being overly visible isn’t in our best interest.”

Now, no one should take from this that I’m saying you don’t have to worry about election security, absolutely not. I’m just highlighting that I am a bit surprised that it hasn’t been a little bit more aggressive.

The Register: We’ve recently seen layoffs at the US government’s Cybersecurity and Infrastructure Security Agency, aka CISA, and it’s an organization the NSA works with regularly. What’s your view on the future of the agency?

Rogers: The right answer is, we should downsize them and tell them, “Hey don’t investigate disinformation and misinformation efforts as part of your mandate. We think you’re focused on the wrong thing. We don’t think that should be a primary focus.” I think that’s the message that CISA is receiving at the moment.

CISA was a great organization, well, is a great organization. It does an awful lot. They inform enterprises and individuals about what the coming threats are. Can they not just get back to pure security?

Deputy boss of Homeland Security says CISA needs to be reined in

Homeland Sec: Election trolling none of CISA’s concern

Infosec was last item in Trump’s policy plan, yet major changes are likely on his watch

So, Russia no longer a cyber threat to America?

The Register: There were reports, now denied, that US Cyber Command was halting efforts against Russia. What’s your take on that?

Rogers: I’m not in the government now, but I will only say during my time we have those kinds of conversations, both in terms of what assistance we can provide, but also what can we learn. It’s one of the premises behind Cyber Command – persistent engagement.

We gained so much more insight, so much more knowledge of the adversary when we’re watching and interacting with that adversary in areas other than just the United States, and we create a greater sense of awareness, knowledge, insight, by partnering with those nations going forward while we’re doing it.

So we argued that at Cyber Command and it has been adopted as a strategy. It’s been that way now for six, seven years, that there’s a lot to be gained by persistent engagement. Just sitting in the United States waiting for the adversary to come after our networks never works.

The Register: What do you think is the role of the government in IT security matters?

Rogers: I believe that the US government has a role in cybersecurity. Now you can get into a debate about what that role looks like, which is all very fair. You can’t achieve cybersecurity at a national and an international scale, you can’t achieve the level of cyber resilience we need as a society without the help and focus of the government.

I don’t think the answer is the government does everything. But on the other hand, the government does have some unique roles.

Nearly 10 years after Data and Goliath, Bruce Schneier says: Privacy’s still screwed
READ MORE

Think about its intelligence capabilities. Think about the deep expertise that it has within its different organizations around cybersecurity. Think about the government’s unique role in terms of regulation, think about the government’s ability to incentivize outcomes. Those are all important things that are very unique in some ways to the government and should play an important role in a cybersecurity strategy for a nation.

The Register: You are in the commercial sector yourself now. What’s your key focus at Team8?

Rogers: We started to get into fintech, healthcare and investment. I think with healthcare, just look at the way that segment is growing. I think in the United States it’s something like 20 percent of GDP – we’ve got an aging world.

I think the view was also that much of the work we’re doing in cybersecurity might also have applicability in the fintech world as well. And so, you know, we started to get into fintech several years ago.

I think you see a broad awareness among companies, whether it’s in fintech or other sectors, that security is a fundamental dimension of the business model that you have to account for. The challenge, to me, is to say okay, if that’s true, then what’s the best strategy to execute it? What’s the appropriate level of investment, what’s the right risk?

Ex-NSA grandee says Trump’s staff cuts will ‘devastate’ America’s national security
READ MORE

The Register: What are your thoughts on AI and its role within information security? Because we’ve seen an awful lot of hype over this, but very little action?

Rogers: So the offensive application, I think, has been greater than the defensive application so far. What I’m hoping is that changes over time, and that as we become more comfortable with this technology, as we develop a set of regulatory and procedural frameworks that increase our level of comfort in terms of its application, and get more aggressive, I think that’s how it’s going to work out. That’s certainly what I hope personally.

You see AI being used to generate code. There is no doubt about it, for example, and I have seen it used more that way by the penetrators than I have the defenders.

Now I do see over time, AI is going to fundamentally change the way we write code. I just think it’s going to enable us to do it at a scale and speed that far surpasses the current structures. And so I see us doing it very differently over time, and that’ll have a disruptive effect on our workforce, the skill sets, who we hire for what jobs and so on. ®

Report

What do you think?

0 Points
Upvote Downvote

Browse and manage your votes from your Member Profile Page

Newbie

Written by Mr Viral

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

Museum digs up Digital Equipment Corporation’s dusty digital equipment

Museum digs up Digital Equipment Corporation’s dusty digital equipment
Blaze Reported at Nigerian Gas Line in Area Under Emergency Rule

Blaze Reported at Nigerian Gas Line in Area Under Emergency Rule