SAN FRANCISCO—U.S. Navy Admiral Michael S. Rogers, commander of the U.S. Cyber Command and director of the National Security Agency, took the keynote stage at the RSA Conference here today to deliver a key message—he wants to work with the technology industry to help defend both the security and privacy of Americans.
In his keynote, Rogers explained what the roles of the two organizations he leads are all about. The U.S. Cyber Command is a military organization that is tasked with operating and defending Department of Defense networks. It also has the mission of being prepared if directed by the president or the Secretary of Defense to apply resources to defend critical infrastructure assets.
In an effort to improve security, Rogers said Cyber Command is looking at how data is stored, especially now that data is a commodity of interest to many who want to steal it, which is the lesson learned from the breach of U.S. Office of Personnel Management (OPM). The OPM breach exposed nearly 26 million Americans to risk.
Rogers said that Cyber Command is looking at where data is held and making sure that tripwires are in place to make sure data is defended. Cyber Command is also being scaled up, with a plan to have 6,200 trained security staff by September 2018.
"Every individual that has access to a keyboard is a potential point of vulnerability," he said.
As such, Cyber Command also is doing training to make sure every individual in the Department of Defense understands the implications of the choices he or she makes, such as changing configuration settings or clicking a link.
Improving security also is about culture, which is where Rogers' experience in the Navy has relevance. There is a nuclear culture in the Navy, with high levels of accountability and responsibility, he said. That culture has many special processes and is one that mitigates risk, and Rogers wants to bring the same ideas to the Department of Defense.
Rogers' job at the NSA has two key missions: foreign intelligence gathering and information assurance. One mission helps the other, as intelligence on what attackers are doing can be used to improve security, he said.
"The nation counts on us to protect its security and safety, and we have to do it in a way that protects the privacy and rights of our citizens," Rogers said.
Rogers also provided some visibility into what types of threats he's worried about, though he joked that his concerns don't keep him up at night.
"Trust me, with my workload I have no problem sleeping," Roger quipped.
That said, on a more serious note he did admit that he's concerned about attacks on infrastructure, such as the 2015 attack on power plants in the Ukraine. And he's worried about attacks that not only steal data, but also manipulate it.
"What happens when we can no longer trust the data we see?" Roger said.
As he looks forward to figuring out how the NSA can continue to fulfill its mission, Rogers said that there are some fundamental tenets. Among them is the reality that there is no silver bullet and no single answer for security. In addition, technology alone isn't enough, so it's important to not overlook the human dimension.
Rogers is confident that the only way he can succeed at his what he does is by working in partnership with the technology industry and not against it. In his view, during the recent debates about privacy and security, the technology industry and the government have been talking past each other, not with one another.
"It's time for us to all stop talking past each other," Rogers said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.